Add draft go-selinux project proposal #29
Conversation
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
|
LGTM |
proposals/selinux.md
Outdated
| A: No. Nothing in this proposal is intended to amend the OCI Charter (https://www.opencontainers.org/about/governance) or OCI Scope Table (https://www.opencontainers.org/about/oci-scope-table). | ||
|
|
||
| Q: Why move this out of the runc project? | ||
| A: TODO |
There was a problem hiding this comment.
To be able to reuse this in different container projects as well as have dedicated maintainers for the SELinux library.
There was a problem hiding this comment.
dedicated maintainers for stability
|
Added one comment to address TODO. Otherwise LGTM. @caniszczyk Thanks for putting this together! |
|
LGTM |
|
@philips as chair of the @opencontainers/tob, any comments before we bring this up for a vote? |
|
FAQ items I want to see:
|
|
I have been personally asked for these go bindings outside of runc/libcontainer over the years. |
|
@rhatdan but why a new git repo and release process? Is it to raise awareness? Have a separate release process because runc release too slow? Essentially what is the motivation. |
|
I was asked if I was interested, and I said sure. But I can't say I had a huge motivation. That being said... Being able to get fixes into go-selinux without having to wait for runc approval would also be nice. |
|
runc can also stick to a particular version w/o the hassle of people changing the selinux package causing bugs when upgrading (it happened) |
no versioning of selinux in runc - for instance, we fixed something in selinux in runc because CRI-O needed it but at the same time we broke docker which was relying on it. Having fixed versions for selinux wouldn't have led to this issue since docker could have stuck to a previous version and carefully test the new version w/o pulling new changes as part of a libcontainer library bump.
nothing I guess. To me it's clearer to have a dedicated repo for just the selinux library (as what we already have today with go-digest in OCI)
docker, CRI-O, kubernetes(?), any other project out there requiring a dedicated selinux library. It'll be easy to add features in a dedicated repo also. |
|
RKT also I believe. |
|
I don't really care either way but I trust @crosbymichael @rhatdan @runcom so: LGTM |
|
@caniszczyk I can propose this to the TOC. What are the next steps? Merge and propose via email? |
|
@philips yep, you would have to do a @opencontainers/tob vote (see go-digest as an example: https://groups.google.com/a/opencontainers.org/forum/#!topic/tob/kplbAW5N9dc) |
|
done |
README.md
Outdated
| @@ -22,6 +22,7 @@ https://groups.google.com/a/opencontainers.org/forum/#!forum/tob (tob@opencontai | |||
|
|
|||
| * [Digest](https://github.com/opencontainers/tob/blob/master/proposals/digest.md) | |||
| * [Image Format Spec](https://github.com/opencontainers/tob/tree/master/proposals/image-format) | |||
| * [Selinux](https://github.com/opencontainers/tob/blob/master/proposals/selinux.md) | |||
There was a problem hiding this comment.
I'm fine with all lower case, but where we uppercase anything I think we should use "SELinux".
proposals/selinux.md
Outdated
| * Antonio Murdaca <runcom@redhat.com> (@runcom) | ||
| * Daniel J Walsh <dwalsh@redhat.com> (@rhatdan) | ||
| * Mrunal Patel <mpatel@redhat.com> (@mrunalp) | ||
| * TODO |
There was a problem hiding this comment.
Fill this in before the TOB vote completes?
proposals/selinux.md
Outdated
| This project would incorporate the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template. | ||
|
|
||
| ### Project Communications | ||
| Both of the proposed projects would continue to use existing channels in use by the OCI developer community for communication including: |
There was a problem hiding this comment.
Both? Copy/paste from somewhere else? I think there's only one project here, unless you mean runC is not leaving. Either way, I think this line could be more clear (e.g. listing projects by name).
proposals/selinux.md
Outdated
|
|
||
| ## Frequently Asked Questions (FAQ) | ||
| Q: Does this change the OCI Charter or Scope Table? | ||
| A: No. Nothing in this proposal is intended to amend the OCI Charter (https://www.opencontainers.org/about/governance) or OCI Scope Table (https://www.opencontainers.org/about/oci-scope-table). |
There was a problem hiding this comment.
nit: markdown formatting is not pretty
|
We have enough votes to approve this before the vote closes out but I want to do a final call for maintainers on this project, right now I have three:
cc: @opencontainers/runc-maintainers |
|
Also to note we have 8/9 +1s from the @opencontainers/tob on this so we have well cleared the minimum bar of votes needed for this project to happen. |
caniszczyk
force-pushed
the
selinux-project
branch
2 times, most recently
from
f9a808f
to
542397e
Compare
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
|
I have invited Stephen Smalley to be a maintainer, (SELinux upstream maintainer) but that should not slow this down. |
|
@rhatdan what's his GitHub id btw? |
|
@stephensmalley PTAL |
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
|
We have enough votes here, @philips will call the vote later tonight on the mailing list. Thanks @opencontainers/tob and everyone for participating. |
Closes #27
Signed-off-by: Chris Aniszczyk caniszczyk@gmail.com