[refpolicy] some Debian specific patches
Russell Coker
russell at coker.com.au
Sat Jul 17 00:24:43 CDT 2010
On Tue, 13 Jul 2010, "Christopher J. PeBenito" <cpebenito at tresys.com> wrote:
> > It seems to me rather pointless to put in all these distro defines,
> > especially in file contexts - whatever distro you are running, if you
> > have a file at /usr/libexec/dcc/dbclean then you probably want it
> > labelled as dcc_dbclean_exec_t. And fcs for files that don't exist are
> > harmless beyond using a few bytes.
> >
> > However I leave that up to Chris,
>
> I tend to agree.
One benefit of distro defines in the file_contexts is that we know which
distributions they apply to. So if we have three distributions with different
directories used and two different versions of the daemon with different file
names then we can retire the old names in a sensible manner.
If there are no defines then it's difficult to determine who uses what.
Now we could have comments, but they aren't quite as good because there is no
requirement to keep them accurate.
--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
More information about the refpolicy
mailing list