On Sat, 2007-10-20 at 14:59 +0200, Alexander Boström wrote: > lör 2007-10-20 klockan 11:52 +0300 skrev Panu Matilainen: > > > If each package were fully in control of it's own policies, > > storing the labels in packages themselves might make sense. > > I think it's good to keep in mind that SELinux is, as I see it, separate > from everything else _by design_. It's a firewall, it's a part of > multi-layer security. It's supposed to describe not really a policy but > rather "expected behaviour", in a form that is separate from the actual > policy and behaviour (the software itself). And have a separate package for its selinux parts, <package>-selinux (a'la *-debuginfo). That way, non-SELinux installs don't need to install them and the selinux bits can call on functions that only exist when SELinux is installed. And who knows ... if down-the-line fedora decides to shift to a different security policy, it'll be easier because it was cleanly separated in the packages. -- Richi Plana -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
