[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Packaging selinux rules



On Thu, 23 Jun 2005, Jason L Tibbitts III wrote:

> >>>>> "CR" == Chris Ricker <kaboom oobleck net> writes:
> 
> [Putting selinux policy in an extras package]
> CR> right now, no
> 
> Is it just that there's no accepted way of doing it, or is there
> really no way to add on to an existing policy?

It's that there's no implemented mechanism that exists right now. Ideas 
have been floated, but I don't know if anyone's actively working on 
them....

>  Surely we can't expect to get a policy for every package that might 
> need one into the core. Even if the policy maintainers are receptive to 
> doing this (which I understand they are), it introduces unnecessary 
> dependencies into the process.

But for now, it's all we've got. And there are actually some good points 
to the current model (which would you rather trust on your system? The 
policy you get after installing a random package I've put in extras which 
contains the policy -- good, bad, or malicious -- I think it should have; 
or the centralized and widely scrutinized policy from core which has been 
carefully extended to cover a random package I've put in extras?)

later,
chris


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]