From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 6 May 2017 13:59:50 +0200
Subject: [refpolicy] [PATCH 0/33] description
In-Reply-To: <8bc4f938-ee7d-76e1-cfe0-482674460e2e@ieee.org>
References: <1492649990.14733.70.camel@trentalancia.net>
 <808781969.181179.1492690424033@pim.register.it>
 <20170420141003.GB11432@meriadoc.perfinion.com>
 <960668182.196968.1492697823367@pim.register.it>
 <342768044.208111.1492728614697@pim.register.it>
 <014CCF29-92AC-489E-8248-B681BFF663DA@trentalancia.net>
 <8bc4f938-ee7d-76e1-cfe0-482674460e2e@ieee.org>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, Apr 23, 2017 at 3:14 PM, Chris PeBenito via refpolicy wrote:
> On 04/22/2017 07:50 AM, Guido Trentalancia via refpolicy wrote:
>> The patchset that I have posted the other day is ready to use, now.
>>
>> How comes these other changes, that you say are equivalent, have not been merged yet?
>>
>> Christopher has already decided to apply the patch that you mentioned, I hope there will be the same functionality implemented at least before next release...
>
> I've given feedback several times. I'm not sure what happened, and I
> can't remember if we couldn't come to a conclusion or if it simply fell
> off my plate.

I think that's my fault. The last feedback was that you weren't sure that the approach needs its own module or not.

Remember, Gentoo has moved those definitions inside its own module (xdg.*) to refer to the base specification where those locations have been defined. This is for a couple of reasons: to not make userdomain larger than it is already, to make use of the modularity that refpolicy provides, and to facilitate some compatibility (no xdg module, then the locations remain user_home_t for instance).

A year or two later, a separate xdg module was suggested by Dominick as well (with similar concept as Gentoo has), but it fell through the cracks too (no discussion on it [1]).

[1] http://oss.tresys.com/pipermail/refpolicy/2013-November/006621.html

So one of the decisions we need to take is if a separate module is warranted or not. This can go either way, and if you or the community at large prefers to put it in the userdomain, then I can agree to follow it - I might not fully stand behind it, but this is a community effort after all, and I too prefer to get things forward (so, apologies that I didn't follow up then).

My suggestion would be as follows: I'll go through Guido's patch and see if there are any *conceptual* differences between his patch and Gentoo's approach. If there are, we'll discuss them here to see what is the best way forward. If Gentoo's conceptual design is more preferred then we'll probably base it on Gentoo's current policy code base. If Guido's is preferential then we start off with Guido's.

Once the conceptual differences have been resolved (or there weren't to begin with), then the next step would be to publish the patch round again (whatever based upon) with the merged changes from both sets (be it Gentoo's or Guido's).

As Jason already mentioned - yes, this is a big patch, so it also makes sense to do this in a step-wise approach rather than one big patch set.

Is that feasible for you guys? I know I haven't been around/active for a long time but that's about to change ;-)

Wkr,
Sven Vermeulen