archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

refpolicy-contrib #6

Closed xavloose closed 7 years ago

xavloose commented 7 years ago

I am still quite new to this SELinux thing, but shouldn't Arch also have refpolicy-contrib? I am willing to undertake this assuming what I currently understand about SELinux is correct. refpolicy has a refpolicy-contrib repo, so I was planning to port that to Arch. I just wanted to make sure that effort isn't wasted.

ial0 commented 7 years ago

The policy packages already contain contrib.

refpolicy-contrib is managed upstream as a separate repo, which is linked into refpolicy as a submodule, hence any refpolicy release already contains contrib. They're not designed to be packaged separately.

fishilico commented 7 years ago

As far as I understand the current situation, the main reason why the Reference Policy is split into two repositories ("refpolicy" with all vital files and "refpolicy-contrib" with policy/modules/contrib) is to make it possible to have different people with push privileges on the refpolicy-contrib and refpolicy repos. Gentoo maintains its policy in a single repository (https://gitweb.gentoo.org/proj/hardened-refpolicy.git/tree/) and Debian has a list of patches on top of the released version, so it kind of works from a merged repository too (https://anonscm.debian.org/cgit/selinux/refpolicy.git/tree/debian/patches).

There have recently been several changes to enhance systemd support in the upstream repository (and systems with a "merged /usr" directory, which was a huge issue for Arch), and I am wondering whether it would now make sense to package a "refpolicy-git" package for Arch Linux. This would probably make it easier to contribute to the upstream repository.

Anyway I do not see a good reason for Arch Linux to package refpolicy-contrib as a separate repository. I believe it would be better appreciated to make the Reference Policy work on Arch Linux "out of the box" instead of maintaining our own forks of upstream repositories.