cupsd: minor nit
Russell Coker
russell at coker.com.au
Mon Sep 12 14:19:55 UTC 2005
On Monday 12 September 2005 23:29, Tom London <selinux at gmail.com> wrote:
> > > It is created to cache some information which otherwise is read from
> > > the XML files in /usr/share/foomatic/db. The cache file is to speed
> > > up the process.
> > >
> > > Even if the directory exists, the file will need to be created.
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168085
> >
> > I've submitted the above bugzilla requesting that the package provide
> > this directory. Tom, please review it and make any comments you consider
> > appropriate.
>
> The fix posted there is much better.
>
> Are there more services like this that we should review for
> directory-create in /var and other places? Will polyinstantiatiation help
> clean this up?
There are probably other services with the same issues.
PI will not help at all. The absolute last thing I want to see is multiple PI
versions of /var which will cause all sorts of problems for communications
between daemons (think about /var/log and /var/run, and I'm sure that some
daemons mess with other daemons' files under /var/cache).
I don't believe that there is any need for PI for anything other than files
and directories created by regular users. That means /tmp and a possibility
of home directories for different levels with MLS. I'm sure that someone
will disagree however and I am waiting for email debating this point.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list