On Jan 20, 2017 21:57, "Adam Williamson" <adamwill@xxxxxxxxxxxxxxxxx> wrote:
On Fri, 2017-01-20 at 19:48 -0700, Orion Poplawski wrote:
> On 01/20/2017 05:18 PM, Adam Williamson wrote:
> > On Sat, 2017-01-21 at 01:13 +0100, Kevin Kofler wrote:
> > > Only the NSA can think that
> > > duplicating knowledge about ALL programs in the distribution in a single
> > > central database (single point of failure) can ever scale.
> >
> > By the way, this isn't true at all. Most packages can and, these days,
> > are encouraged to ship their own SELinux policies. In Fedora currently,
> > I see:
> >
> > copr-selinux
> > cockpit-selinux
> > drraw-selinux
> > gcl-selinux
> > websvn-selinux
> > totpcgi-selinux
> > vfrnav-selinux
> > dist-git-selinux
> >
> > etc, etc, etc.
> >
>
> Really? This is news to me (and I'm on the FPC).
>
> I see these drafts:
> https://fedoraproject.org/wiki/PackagingDrafts/SELinux
> https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
>
> but that's it.

Well, I dunno about policy. I was just talking about what I've heard
from SELinux maintainers. Last few times I've asked about getting
policy extended to cover new things, the suggestion was just to include
a policy with the thing.
--
Yes, every app should be self-sufficient. Carry your own log rotation rules, SELinux policy, firewall rules, init files.
Having to depend on the merge to a central policy file is just not scalable for an ecosystem.
Subhendu