Packaging selinux rules
Chris Ricker
kaboom at oobleck.net
Fri Jun 24 02:25:18 UTC 2005
On Thu, 23 Jun 2005, Jason L Tibbitts III wrote:
> >>>>> "CR" == Chris Ricker <kaboom at oobleck.net> writes:
>
> [Putting selinux policy in an extras package]
> CR> right now, no
>
> Is it just that there's no accepted way of doing it, or is there
> really no way to add on to an existing policy?
It's that there's no implemented mechanism that exists right now. Ideas
have been floated, but I don't know if anyone's actively working on
them....
> Surely we can't expect to get a policy for every package that might
> need one into the core. Even if the policy maintainers are receptive to
> doing this (which I understand they are), it introduces unnecessary
> dependencies into the process.
But for now, it's all we've got. And there are actually some good points
to the current model (which would you rather trust on your system? The
policy you get after installing a random package I've put in extras which
contains the policy -- good, bad, or malicious -- I think it should have;
or the centralized and widely scrutinized policy from core which has been
carefully extended to cover a random package I've put in extras?)
later,
chris
More information about the fedora-extras-list
mailing list