Re: [gentoo-dev] it's time for 22.0 profiles

2022-06-04 Thread Kenton Groombridge
On 22/05/28 10:28PM, Andreas K. Huettel wrote:
> Hi all,
>
> it's time for introducing 22.0 profiles [1] - so if you have any things that 
> need to
> be switched in an incompatible way tree-wide, or if you have any suggestions 
> on how
> to change our default settings, please reply to this mail with details!
>

The currently existing systemd/selinux profiles need to be replaced with
systemd/hardened and systemd/hardened/selinux profiles. So, instead of
(for example):

default/linux/amd64/20.0/no-multilib/systemd/selinux
default/linux/amd64/20.0/systemd/selinux

We would instead have:

default/linux/amd64/20.0/no-multilib/systemd/hardened/selinux
default/linux/amd64/20.0/no-multilib/systemd/hardened
default/linux/amd64/20.0/systemd/hardened
default/linux/amd64/20.0/systemd/hardened/selinux

The takeaway is that the systemd/selinux profiles should have hardened
as a parent for consistency with the other SELinux profiles.

/* Kenton Groombridge */


signature.asc
Description: PGP signature


[gentoo-dev] it's time for 22.0 profiles

2022-05-28 Thread Andreas K. Huettel
Hi all, 

it's time for introducing 22.0 profiles [1] - so if you have any things that 
need to
be switched in an incompatible way tree-wide, or if you have any suggestions on 
how
to change our default settings, please reply to this mail with details! 

Cheers,
Andreas

[1] Why? That's a quite long e-mail in itself. Very short summary... 
* All 32bit arches (except riscv32) have a problem. They by default use some 
datatypes in 
  32bit, but need to move to 64bit (think timestamps). That's fine for 
applications, 
  but what do you do if the ABI of some library changes this way? 
* Plan is to keep the 32bit types as long as possible, and switch to 64bit with 
the
  new profile. Details are still being discussed. Pop into #g-toolchain if 
interested
  and poke Sam or me...

-- 
Andreas K. Hüttel
dilfri...@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)

signature.asc
Description: This is a digitally signed message part.