
Re: [RFR] templates://tomoyo-tools/{tomoyo-tools.templates}



Christian PERRIER wrote:
> Please find, for review, the debconf templates for the tomoyo-tools
> source package. As usual recently, I've been lazy and left the package
> descriptions to Justin..:-)

That's fine!

[...]
>  _Description: Enable Tomoyo Linux in boot time?
                        ^^^^^^       ^^
"At" boot time; and upstream insist on a shouty brandname.

> - To enable Tomoyo, you should set GRUB_CMDLINE_LINUX="security=tomoyo" in
> - /etc/default/grub and run grub-update to use it with your Linux kernel in
> - next boot time. This config will enable it automatically.
> + Enabling Tomoyo requires setting GRUB_CMDLINE_LINUX="security=tomoyo" in
> + /etc/default/grub and running grub-update to use it with the installed
> + Linux kernel.

What does the "with the installed Linux kernel" part actually mean,
here?  I mean, you can't use it or anything much else *without* the
kernel, and on Debian there's a crucial distinction between an
*installed* kernel and the *running* kernel.  What it's trying to say
is something like "to enable TOMOYO functionality", and that was what
the sentence started by saying!

    Enabling TOMOYO Linux functionality in the running kernel requires an
    appropriate kernel commandline at boot time. This can be configured by
    setting GRUB_CMDLINE_LINUX="security=tomoyo" in /etc/default/grub and
    running grub-update.

(This also doesn't outright prohibit doing it all the hard way via
LILO or something.)

>   .
> - If you would not accept it, you should set it by your own hand later.
> + If you accept here, these actions will be performed automatically and
> + Tomoyo Linux will be ebabled at next boot.
    TOMOYO               enabled
 
> I actually wonder about "in boot time". Shouldn't it be "at boot", or
> "at next boot"...or even just "Enable Tomoyo Linux" (as it will be
> enabled not only at next boot!).

It'll be enabled at boot, and it'll be enabled from then on.
 
> My other changes involve changing the structure of the sentence. I'm
> not exactly sure whether making a verb the subject of another verb is
> something common in English, so that sentence might be Frenglish.

It worked, but I've accidentally cut it in half.
 
> I changed the last paragraph to explain what happens if one answers
> "yes" to the question....with the consequence that having to do things
> manually if one answers "no" is implicit. I think it makes more sense
> but your mileage may vary.

Our odometers are in sync.  Now on to the control file:

> Package: tomoyo-tools
[...]
> Description: Lightweight and easy-use Mandatory Access Control for Linux

A synopsis this long would be okay if we didn't also need an extended
version for libtomoyotools3.

No need for initial capital L; and "easy-use" should be "easy-to-use",
but I'll need to cut it for space.

The trouble with "Mandatory Access Control" is that it's a slightly
odd abstraction; we can't quite say that tomoyo-tools *is* Mandatory
Access Control.  The best I can come up with is:

  Description: lightweight Linux Mandatory Access Control system

>  TOMOYO Linux is Lightweight and Usable Mandatory Access Control with
>   - "automatic policy configuring" feature by "LEARNING mode"
>   - administrators friendly policy language
>   - no need libselinux nor userland program modifications

It would take a while to explain why, but let's just say I'd prefer:

   TOMOYO Linux is a lightweight and easy-to-use path-based Mandatory
   Access Control (MAC) implementation with:
    * automatic policy configuration via "learning" mode;
    * an administrator-friendly policy language;
    * no need for SELinux, or userland program modifications.
       
(I've added "path-based" because Wikipedia's comparison of MAC systems
tells me that the crucial difference in philosophy between this and
SELinux is that the latter has a label-based approach.)

>  .
>  TOMOYO Linux consists of patches to Linux kernel and administrative 
>  utilities, and this package contains its audit daemon and tools.

Now that even Squeeze kernels have CONFIG_SECURITY_TOMOYO=y there's
little need for tomoyo-tools users to know anything about the history
of the project.  Focus attention on what's in the package:

   This package provides the audit daemon and administrative utilities for
   use on a Linux kernel with TOMOYO support (standard in Debian kernels).
       
> Package: libtomoyotools3
> Section: libs
> Depends: ${shlibs:Depends}, ${misc:Depends}
> Conflicts: libtomoyotools1, libtomoyotools2
> Architecture: linux-any
> Recommends: tomoyo-tools

Isn't that a dependency loop?  Tone it down to a "Suggests".

> Description: Lightweight and easy-use Mandatory Access Control for Linux (shared libraries)

  Description: lightweight Linux Mandatory Access Control system - library

(I'm assuming that one .so file equals one shared library.)

>  TOMOYO Linux is Lightweight and Usable Mandatory Access Control with
>   - "automatic policy configuring" feature by "LEARNING mode"
>   - administrators friendly policy language
>   - no need libselinux nor userland program modifications

As above.

>  .
>  TOMOYO Linux consists of patches to Linux kernel and administrative 
>  utilities, and this package contains its audit daemon and tools.

That's a big fat lie!

>  .
>  Shared library used by the utilities in the tomoyo-tools package.

Yes, that makes more sense.  Full sentence version:

   This package provides the shared library used by the utilities in the
   tomoyo-tools package.

ObWhyTheName: no idea, beyond the fact it's a Japanese girl's name.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
diff -ru old/control new/control
--- old/control	2012-07-03 20:50:24.659392578 +0100
+++ new/control	2012-07-03 22:44:09.363392454 +0100
@@ -14,14 +14,15 @@
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Conflicts: tomoyo-ccstools, tomoyo-ccstools1.7
 Replaces: tomoyo-ccstools, tomoyo-ccstools1.7
-Description: Lightweight and easy-use Mandatory Access Control for Linux
- TOMOYO Linux is Lightweight and Usable Mandatory Access Control with
-  - "automatic policy configuring" feature by "LEARNING mode"
-  - administrators friendly policy language
-  - no need libselinux nor userland program modifications
+Description: lightweight Linux Mandatory Access Control system
+ TOMOYO Linux is a lightweight and easy-to-use path-based Mandatory
+ Access Control (MAC) implementation with:
+  * automatic policy configuration via "learning" mode;
+  * an administrator-friendly policy language;
+  * no need for SELinux, or userland program modifications.
  .
- TOMOYO Linux consists of patches to Linux kernel and administrative 
- utilities, and this package contains its audit daemon and tools.
+ This package provides the audit daemon and administrative utilities for
+ use on a Linux kernel with TOMOYO support (standard in Debian kernels).
 
 Package: libtomoyotools3
 Section: libs
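
Review bot: The new closing paragraph ("use on a Linux kernel with TOMOYO support (standard in Debian kernels)") can read as if the tools are effective as soon as the package is installed, while the templates change in this same patch says that TOMOYO also requires an appropriate kernel command line at boot time. Consider a short pointer in the description, for example "TOMOYO must also be enabled on the kernel command line at boot", so that the package description and the debconf question agree.
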
@@ -29,13 +30,12 @@
 Conflicts: libtomoyotools1, libtomoyotools2
 Architecture: linux-any
 Recommends: tomoyo-tools
-Description: Lightweight and easy-use Mandatory Access Control for Linux (shared libraries)
- TOMOYO Linux is Lightweight and Usable Mandatory Access Control with
-  - "automatic policy configuring" feature by "LEARNING mode"
-  - administrators friendly policy language
-  - no need libselinux nor userland program modifications
+Description: lightweight Linux Mandatory Access Control system - library
+ TOMOYO Linux is a lightweight and easy-to-use path-based Mandatory
+ Access Control (MAC) implementation with:
+  * automatic policy configuration via "learning" mode;
+  * an administrator-friendly policy language;
+  * no need for SELinux, or userland program modifications.
  .
- TOMOYO Linux consists of patches to Linux kernel and administrative 
- utilities, and this package contains its audit daemon and tools.
- .
- Shared library used by the utilities in the tomoyo-tools package.
+ This package provides the shared library used by the utilities in the
+ tomoyo-tools package.
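
Review bot: "Recommends: tomoyo-tools" is still an unchanged context line in this hunk, although the review text above asks for it to be toned down to a "Suggests" because of the dependency loop. Add a "-Recommends: tomoyo-tools" / "+Suggests: tomoyo-tools" pair here so the patch matches the review.
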
diff -ru old/tomoyo-tools.templates new/tomoyo-tools.templates
--- old/tomoyo-tools.templates	2012-07-03 20:50:23.019392612 +0100
+++ new/tomoyo-tools.templates	2012-07-03 22:45:47.975394084 +0100
@@ -1,9 +1,11 @@
 Template: tomoyo-tools/grub
 Type: boolean
 Default: false
-_Description: Enable Tomoyo Linux in boot time?
- To enable Tomoyo, you should set GRUB_CMDLINE_LINUX="security=tomoyo" in
- /etc/default/grub and run grub-update to use it with your Linux kernel in
- next boot time. This config will enable it automatically.
+_Description: Enable TOMOYO Linux at boot time?
+ Enabling TOMOYO Linux functionality in the running kernel requires an
+ appropriate kernel commandline at boot time. This can be configured by
+ setting GRUB_CMDLINE_LINUX="security=tomoyo" in /etc/default/grub and
+ running grub-update.
  .
- If you would not accept it, you should set it by your own hand later.
+ If you accept here, these actions will be performed automatically and
+ TOMOYO Linux will be enabled at next boot.
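
Review bot: The added text still tells users to run "grub-update", carried over from the old template; the command Debian ships is update-grub, so "running update-grub" would be accurate. The phrase 'setting GRUB_CMDLINE_LINUX="security=tomoyo"' also reads as replacing the whole variable; "adding security=tomoyo to GRUB_CMDLINE_LINUX" would not suggest discarding parameters that are already set there.
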
Template: tomoyo-tools/grub
Type: boolean
Default: false
_Description: Enable TOMOYO Linux at boot time?
 Enabling TOMOYO Linux functionality in the running kernel requires an
 appropriate kernel commandline at boot time. This can be configured by
 setting GRUB_CMDLINE_LINUX="security=tomoyo" in /etc/default/grub and
 running grub-update.
 .
 If you accept here, these actions will be performed automatically and
 TOMOYO Linux will be enabled at next boot.
Source: tomoyo-tools
Section: admin
Priority: extra
Maintainer: Hideki Yamane <henrich@debian.org>
Homepage: http://tomoyo.sourceforge.jp/
Build-Depends: debhelper (>= 9), libncurses5-dev, libreadline-dev, po-debconf
Standards-Version: 3.9.3
Vcs-Git: git://git.debian.org/collab-maint/tomoyo-tools.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/tomoyo-tools.git

Package: tomoyo-tools
Architecture: linux-any
Pre-Depends: debconf
Depends: ${misc:Depends}, ${shlibs:Depends}
Conflicts: tomoyo-ccstools, tomoyo-ccstools1.7
Replaces: tomoyo-ccstools, tomoyo-ccstools1.7
Description: lightweight Linux Mandatory Access Control system
 TOMOYO Linux is a lightweight and easy-to-use path-based Mandatory
 Access Control (MAC) implementation with:
  * automatic policy configuration via "learning" mode;
  * an administrator-friendly policy language;
  * no need for SELinux, or userland program modifications.
 .
 This package provides the audit daemon and administrative utilities for
 use on a Linux kernel with TOMOYO support (standard in Debian kernels).

Package: libtomoyotools3
Section: libs
Depends: ${shlibs:Depends}, ${misc:Depends}
Conflicts: libtomoyotools1, libtomoyotools2
Architecture: linux-any
Recommends: tomoyo-tools
Description: lightweight Linux Mandatory Access Control system - library
 TOMOYO Linux is a lightweight and easy-to-use path-based Mandatory
 Access Control (MAC) implementation with:
  * automatic policy configuration via "learning" mode;
  * an administrator-friendly policy language;
  * no need for SELinux, or userland program modifications.
 .
 This package provides the shared library used by the utilities in the
 tomoyo-tools package.
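
The installed-versus-running distinction raised in the review, as an added shell example (not part of the original post or of the tomoyo-tools package): it reports whether security=tomoyo is configured in a grub defaults file and whether the running kernel was actually booted with it, and merges the parameter into GRUB_CMDLINE_LINUX without discarding other settings. The function names and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example. File paths are arguments so the logic can be run on constructed files.

# Print the value of GRUB_CMDLINE_LINUX from a grub defaults file (last assignment wins).
grub_cmdline() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if the command line in $1 contains the exact word security=tomoyo.
has_tomoyo() {
    for word in $1; do
        [ "$word" = "security=tomoyo" ] && return 0
    done
    return 1
}

# Compare what is configured for the next boot with what the running kernel got.
tomoyo_state() {
    configured=no; running=no
    has_tomoyo "$(grub_cmdline "${1:-/etc/default/grub}")" && configured=yes
    has_tomoyo "$(cat "${2:-/proc/cmdline}")" && running=yes
    echo "configured=$configured running=$running"
}

# Print the grub defaults file with security=tomoyo merged into GRUB_CMDLINE_LINUX:
# other parameters are kept, any earlier security= word is dropped.
merge_tomoyo() {
    new=
    for word in $(grub_cmdline "$1"); do
        case $word in
            security=*) ;;
            *) new="$new$word " ;;
        esac
    done
    grep -v '^[[:space:]]*GRUB_CMDLINE_LINUX=' "$1" || true
    printf 'GRUB_CMDLINE_LINUX="%s"\n' "${new}security=tomoyo"
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' 'GRUB_DEFAULT=0' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' \
    'GRUB_CMDLINE_LINUX="console=ttyS0 security=selinux"' > "$demo/grub"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$demo/cmdline"
tomoyo_state "$demo/grub" "$demo/cmdline"
merge_tomoyo "$demo/grub" > "$demo/grub.new"
tomoyo_state "$demo/grub.new" "$demo/cmdline"
```

Called with no arguments, tomoyo_state reads /etc/default/grub and /proc/cmdline; a result of configured=yes running=no means the setting is in place but the machine has not yet been rebooted with it.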
