On Mon, 26 Apr 2004 17:55, Andrew Farris <fedora@xxxxxxxxxxxxxxxx> wrote: > On Wed, 2004-04-21 at 11:00 -0700, Shahms King wrote: > > (I just subscribed, so I'm replying from the list archive...) > > > > Given that FC2 is no longer shipping with SELinux enabled by default, it > > makes sense to have a separate policy package for individual packages, > > IMHO. > > While this sounds like a neat idea.. I can see problems with it being > used effectively. What if a user has selinux disabled when they install > a number of packages, and then decide to turn it on--the packages would > have to be retrieved and installed before they could be used. That > could be frustrating, especially for network isolated machines. The obvious solution to this is that policy files would be kept on the system regardless of whether SE Linux was active at installation time or not. Policy files are quite small... > Might it be better to include the policy with the main package, to > install the policy files into the policy source, but not to rebuild or > reload the policy unless selinux was running. As I understood.. Having the policy files for as many applications as possible in the policy-source package is good. However we expect that our customers will want to build their own rpms of in-house software and that some vendors will want to produce rpms of proprietary software with SE Linux support. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
