cupsd: minor nit

Russell Coker russell at
Mon Sep 12 14:19:55 UTC 2005

On Monday 12 September 2005 23:29, Tom London <selinux at> wrote:
> > > It is created to cache some information which otherwise is read from
> > > the XML files in /usr/share/foomatic/db. The cache file is to speed
> > > up the process.
> > >
> > > Even if the directory exists, the file will need to be created.
> >
> > I've submitted the above bugzilla requesting that the package provide
> > this directory. Tom, please review it and make any comments you consider
> > appropriate.
> The fix posted there is much better.
> Are there more services like this that we should review for
> directory-create in /var and other places? Will polyinstantiation help
> clean this up?

There are probably other services with the same issues.

PI will not help at all.  The absolute last thing I want to see is multiple PI 
versions of /var which will cause all sorts of problems for communications 
between daemons (think about /var/log and /var/run, and I'm sure that some 
daemons mess with other daemons' files under /var/cache).

I don't believe that there is any need for PI for anything other than files 
and directories created by regular users.  That means /tmp and a possibility 
of home directories for different levels with MLS.  I'm sure that someone 
will disagree however and I am waiting for email debating this point.
