[refpolicy] pptp_t vs pppd_t
mgrepl at redhat.com
Tue Jul 3 06:47:47 CDT 2012
On 07/03/2012 01:18 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 07/03/2012 01:43 AM, Russell Coker wrote:
>> Is there a real benefit in having separate domains for pptp and pppd?
>> The access that they have is very similar and the differences are things
>> that aren't so significant (EG pptp_t denied access to
>> Also both the programs can run each other (the policy allows pppd to run
>> pptpd and in my test network pptpd needs to run pppd) which limits the
>> ability to create a useful separation.
>> I think it would be best if we merged the two domains.
> I am always for merging domains together. I think we have far too many
> domains that basically have the security domain and just add complexity.
> Fedora consolidated all of the "spam" domains also.
> I really believe we should consolidate the mail domains. mail_t instead of
> sendmail_t, postfix_t, qmail_t, dovecot_t, courier_t ...
I agree with this. The question is whether it could be accepted?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
> refpolicy mailing list
> refpolicy at oss.tresys.com
More information about the refpolicy