[DSE-Dev] I've created secilc package, please sponsor

Victor Porton porton at narod.ru
Sun May 11 22:58:21 UTC 2014


12.05.2014, 01:50, "Laurent Bigonville" <bigon at debian.org>:
> On Mon, 12 May 2014 00:22:59 +0300,
> Victor Porton <porton at narod.ru> wrote:
>
>>  I also added (untested) code to automatically reload the policy on
>>  installation/uninstallation. See files cil-install and cil-uninstall.
>
> I would keep this out of the pkg ATM as there is no cil policy in
> debian for now.

What is ATM?

I think the behavior of my package can be taken as the CIL policy in Debian.

One thing my CIL installation architecture requires is that no two installed CIL modules have the same file name. I think this is OK for Debian packaging.

>>  However:
>>
>>  1. It was tested only on x86 as I don't have access to other systems.
>>  It may or may not work with x86_64.
>
> I can fix this if you want, but the pkg should compile on all Linux
> architectures before we upload it.

I am not in a hurry. I am waiting for patches.

>>  2. cil-install script was not tested as I have not found any CIL
>>  testcase to use for this testing.
>
> I'm really wondering if we should ship these files at all for the
> moment (and especially in /etc).
>
> I would prefer just pkg the compiler itself for now.

Why not?

I think there is no better way to install CIL files than the one way I've implemented.

Essentially, it supports both CIL as conffiles and automatic removal (of the symlink) on uninstallation.

Well, we can also add a configuration file with a parameter that would cancel removal of the symlinks when a CIL-aware package uninstalls. But I doubt whether it is really useful.

>>  3. debian/watch does not work. Patches are appreciated.
>>
>>  My package is Version 0.0.0+git20140511-1 (not Version 0.0.1-1) at
>>  https://mentors.debian.net/package/secilc
>>
>>  Please sponsor my package to go into unstable.
>
> I can fix these issues in the following days. Is it still OK if we
> put the pkg in a team-maintained repository?

I don't understand your question.

P.S. My purpose is to create a sandbox which can run untrusted programs downloaded from the Web. In turn, this is to be used in this project of mine (not directly related to SELinux):
http://freesoft.portonvictor.org/namespaces.xml

--
Victor Porton - http://portonvictor.org


