FC2 and FC1 and common home
Bill Nottingham
notting at redhat.com
Wed Apr 7 21:03:53 UTC 2004
Colin Walters (walters at redhat.com) said:
> > I'm willing
> > to bet that we'll get an application behavior change at some point
> > that's going to end up making the policy require a specific version of
> > some program.
>
> Why not have the package depend on a particular version of policy?
It would have to be conflicts, actually.
> > I don't think that they're really any more independent than the policy
> > _should_ be. The policy for sendmail should have no relation to the
> > policy for httpd. The two are orthogonal to each other.
>
> Not completely. Both of them use mta.te. If a security administrator
> wanted to change how mta.te worked, and the policies were all maintained
> centrally, they could modify both the sendmail.te and httpd.te files as
> necessary before actually installing the packages. Otherwise they have
> to wait to install the package to get the policy, and installing it
> might fail due to the policy not compiling or something due to changes
> in mta.te.
httpd uses mta.te? It's a seriously bad name, then.
Bill
More information about the fedora-devel-list
mailing list