[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC2 and FC1 and common home



Colin Walters (walters redhat com) said: 
> >  I'm willing
> > to bet that we'll get an application behavior change at some point
> > that's going to end up making the policy require a specific version of
> > some program. 
> 
> Why not have the package depend on a particular version of policy?

It would have to be conflicts, actually.

> > I don't think that they're really any more independent than the policy
> > _should_ be.  The policy for sendmail should have no relation to the
> > policy for httpd.  The two are orthogonal to each other. 
> 
> Not completely.  Both of them use mta.te.  If a security administrator
> wanted to change how mta.te worked, and the policies were all maintained
> centrally, they could modify both the sendmail.te and httpd.te files as
> necessary before actually installing the packages.  Otherwise they have
> to wait to install the package to get the policy, and installing it
> might fail due to the policy not compiling or something due to changes
> in mta.te.

httpd uses mta.te?  It's a seriously bad name, then.


Bill



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]