.te files in packages

Russell Coker russell at coker.com.au
Mon Apr 26 21:58:57 UTC 2004


On Mon, 26 Apr 2004 17:55, Andrew Farris <fedora at andrewfarris.com> wrote:
> On Wed, 2004-04-21 at 11:00 -0700, Shahms King wrote:
> > (I just subscribed, so I'm replying from the list archive...)
> >
> > Given that FC2 is no longer shipping with SELinux enabled by default, it
> > makes sense to have a separate policy package for individual packages,
> > IMHO.
>
> While this sounds like a neat idea.. I can see problems with it being
> used effectively.  What if a user has selinux disabled when they install
> a number of packages, and then decide to turn it on--the packages would
> have to be retrieved and installed before they could be used.  That
> could be frustrating, especially for network isolated machines.

The obvious solution to this is that policy files would be kept on the system 
regardless of whether SE Linux was active at installation time or not.  
Policy files are quite small...

> Might it be better to include the policy with the main package, to
> install the policy files into the policy source, but not to rebuild or
> reload the policy unless selinux was running.  As I understood..

Having the policy files for as many applications as possible in the 
policy-source package is good.  However, we expect that our customers will 
want to build their own rpms of in-house software and that some vendors will 
want to produce rpms of proprietary software with SE Linux support.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


