Re: .te files in packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 26 Apr 2004 17:55, Andrew Farris <fedora@xxxxxxxxxxxxxxxx> wrote:
> On Wed, 2004-04-21 at 11:00 -0700, Shahms King wrote:
> > (I just subscribed, so I'm replying from the list archive...)
> >
> > Given that FC2 is no longer shipping with SELinux enabled by default, it
> > makes sense to have a separate policy package for individual packages,
> > IMHO.
>
> While this sounds like a neat idea.. I can see problems with it being
> used effectively.  What if a user has selinux disabled when they install
> a number of packages, and then decide to turn it on--the packages would
> have to be retrieved and installed before they could be used.  That
> could be frustrating, especially for network isolated machines.

The obvious solution to this is that policy files would be kept on the system 
regardless of whether SE Linux was active at installation time or not.  
Policy files are quite small...

> Might it be better to include the policy with the main package, to
> install the policy files into the policy source, but not to rebuild or
> reload the policy unless selinux was running.  As I understood..

Having the policy files for as many applications as possible in the 
policy-source package is good.  However we expect that our customers will 
want to build their own rpms of in-house software and that some vendors will 
want to produce rpms of proprietary software with SE Linux support.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux