Re: Not good

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel J Walsh wrote:
Gene Czarcinski wrote:


I do believe that the policy packages needs some work:

1. Cannot be built in a private build tree (this possibly caused the "policy." problem which is fixed in 1.9.2-11 ... we will see if it builds in the private tree by a regular user).


This is a bug caused by the user being unable to read policy_config_t files (file_context)


I'm not sure I see what the "bug" is here. A "regular user" should not be building the policy for a system. A user should be able to build a private copy of the policy (eg, for testing, analysis, etc), but these files should have regular user file labels (i.e., *not* policy_config_t or policy_src_t). Any user/domain should be able to run checkpolicy, but much thought and consideration needs to be given as to which domains may run checkpolicy in the checkpolicy_t domain. Maybe I'm reading too much into this?


David

--
__________________________________

David Caplan     410 290 1411 x105
dac@xxxxxxxxxx
Tresys Technology, LLC
8840 Stanford Blvd., Suite 2100
Columbia, MD 21045

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux