There are probably other services with the same issues.
PI will not help at all. The absolute last thing I want to see is multiple PI
versions of /var which will cause all sorts of problems for communications
between daemons (think about /var/log and /var/run, and I'm sure that some
daemons mess with other daemons' files under /var/cache).
I don't believe that there is any need for PI for anything other than files
and directories created by regular users. That means /tmp and a possibility
of home directories for different levels with MLS. I'm sure that someone
will disagree however and I am waiting for email debating this point.
OK, so the rubric here is that daemon-like services need to have their 'major' directory entries in places like /var created and labeled by their package, not created upon startup. This sounds quite reasonable.
So, the normal 'name space' conflicts will likely be detected during package install.
Do we need to be concerned with possible 'widening' conflicts on such directories (e.g., two packages wanting to 'own' the same directory, one with a 'wider' label)?
tom
--
Tom London
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
