A few notes
Well, as you can see, this is not complete yet. If you have any question, feel free to ask.
Arch is a distributed Version Control System; in my opinion, it is the best free SCM-solution available currently. The best way to get an initial overview over Arch is to visit the GNU-Arch-Wiki which is evolving at a high pace.
I currently use Arch to manage the policy on my local workstation and plan to use it for a whole network of Linux-Clients. There are many ways to use Arch, I just describe one way which I found convenient for me.
On every computer, I have a local archive (under /root/arch/selinux/). This archive is used to hold local changes. If I want to integrate changes from the main policy, I star-merge from tbleher@gmx.de--selinux/policy--snapshot--0, correct possible conflicts and commit to my local archive.
# do the following as root: # set your user identity. This is used eg for log messages tla my-id "Joe Admin (root) <root@your.computer.name.com>" # register-archive connects the archive-name with a location on the net tla register-archive tbleher@gmx.de--selinux http://www.cip.ifi.lmu.de/~bleher/arch/selinux/ # make-archive creates a new archive: the first parameter gives the # name of your archive, which should be your email-Address followed by # two dashes followed by an identifier. # the second parameter gives the location of your archive. You will # never have to work directly in this directory; you can choose it arbitrarily. tla make-archive root@your.computer.name.com--selinux /root/arch/selinux tla my-default-archive root@your.computer.name.com--selinux # branch policy--snapshot--0 into your local archive tla tag -S tbleher@gmx.de--selinux/policy--snapshot--0 policy--default--0 # make /etc/selinux a working copy of your archive tla get policy--default--0 /etc/selinux
Most often you will just want to bring your archive in sync with the latest policy from CVS. This is done by a simple
cd /etc/selinux tla star-merge tbleher@gmx.de--selinux/policy--snapshot--0 # to view the changes: tla what-changed --diffs | less # ... possibly change something, correct rejects tla commit -L 'resync with CVS'