Re: [Buildroot] [PATCH 1/3] package/refpolicy: Add patches pending the next release

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: Maxime Chevallier <maxime.chevallier@bootlin.com>
Cc: Antoine Tenart <atenart@kernel.org>,
	Adam Duskett <aduskett@gmail.com>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/3] package/refpolicy: Add patches pending the next release
Date: Fri, 7 Jan 2022 22:36:24 +0100	[thread overview]
Message-ID: <20220107223624.3ba7d348@windsurf> (raw)
In-Reply-To: <20210107135307.1762186-2-maxime.chevallier@bootlin.com>

Hello Maxime,

On Thu,  7 Jan 2021 14:53:05 +0100
Maxime Chevallier <maxime.chevallier@bootlin.com> wrote:

> In order to be able to run a basic system in enforcing mode, we need to
> apply a few patches on top of RELEASE_2_20200818.
> 
> This allows us to fix a few pending issues, most notably with systemd v246.
> 
> Patch 0001 is a squash of a few patches written by Antoine Tenart that
> are already in the refpolicy master branch.
> 
> Patches 2, 3 and 4 are also in the master branch, and are needed by
> subsequen patches so that systemd-tmpfiles and agetty can make use of
> nsswitch.
> 
> Patches 5 and 6 are part of a pull-request that haven't been merged yet,
> that addresses the issues with agetty and systemd-tmpfiles :
> https://github.com/SELinuxProject/refpolicy/pull/330
> 
> Patch 7 fixes the current issue with systemd v246 that is related to
> sytemd-udevd now being a symlink to udevadm.
> 
> The fix for that has been submitted on the refpolicy mailing-list, with
> the review process ongoing :
> https://lore.kernel.org/selinux-refpolicy/2b5b0f1e-2576-23f4-4ab4-26f8fcfb2c30@ieee.org/T/#t
> 
> Finally, Patch 8 addresses issues for which there's no clear strategy
> yet for upstreaming in the refpolicy.

So now, all of the patches except patch 8 are in upstream refpolicy,
which is good.

However, this patch 8 is really not good, it doesn't document anything
about why those fixes are needed. I think it would be acceptable to
have out of tree refpolicy patches, but they should be just a mixed bag
of fixes all in a single patch that just says "Buildroot fixes".

We need that patch 8 to be split up into multiple patches, each with a
proper explanation of what it is fixing. Perhaps this would also help
with the upstreaming.

So I'm afraid we can't merge this patch series as it is, just because
patch 8 isn't properly explained/detailed.

Maxime: do you have that patch 8 broken down into smaller pieces with
reasonable explanation about each piece?

I really would like to see this being finalized.

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot