cupsd: minor nit
Tom London
selinux at gmail.com
Mon Sep 12 15:30:37 UTC 2005
On 9/12/05, Russell Coker <russell at coker.com.au> wrote:
>
> There are probably other services with the same issues.
>
> PI will not help at all. The absolute last thing I want to see is multiple
> PI
> versions of /var which will cause all sorts of problems for communications
> between daemons (think about /var/log and /var/run, and I'm sure that some
> daemons mess with other daemons' files under /var/cache).
>
> I don't believe that there is any need for PI for anything other than
> files
> and directories created by regular users. That means /tmp and a
> possibility
> of home directories for different levels with MLS. I'm sure that someone
> will disagree however and I am waiting for email debating this point.
>
OK, so the rubric here is that daemon-like services need to have their
'major' directory entries in places like /var created and labeled by their
package, not created upon startup. This sounds quite reasonable.
So, the normal 'name space' conflicts will likely be detected during package
install.
Do we need to be concerned with possible 'widening' conflicts on such
directories (e.g., two packages wanting to 'own' the same directory, one
with a 'wider' label)?
tom
--
Tom London
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050912/87191bcd/attachment.htm>
More information about the fedora-selinux-list
mailing list