package review?

Wart wart at kobold.org
Sat Jul 22 17:38:08 UTC 2006


Paul Howarth wrote:
> On Fri, 2006-07-21 at 14:14 -0700, Michael Thomas wrote:
> 
>>>You should check that the transition has happened by running ps with the
>>>"-Z" option to show the process context when you're running the
>>>application.
>>
>>It shows up as crossfire_exec_t because...
> 
> 
> crossfire_exec_t? Not crossfire_t?

You're right, it is user_u:system_r:crossfire_t

>>>>Some things that would be nice to clarify:
>>>>
>>>>Should selinux be added as a subpackage or automatically included in the
>>>>base package?
>>>
>>>
>>>I don't have a strong opinion either way on this. I've tended to stick
>>>to keeping everything together because I find it easier to manage that
>>>way. As long as the SELinux bits don't get in the way of people not
>>>using them, I don't think it's a problem.
>>
>>I think I would prefer to use a separate package (not integrated with
>>the base package), so that the policy can be turned on and off by simply
>>installing/uninstalling the -selinux package.
> 
> 
> Bear in mind that there should be a crossfire_disable_trans boolean that
> would turn off the policy (or rather the transition to crossfire_t) when
> set, without having to uninstall the policy.

Is it enough to add the boolean to crossfire.te, or do I need to add
anything in the .if file as well?

type crossfire_t;
type crossfire_exec_t;
domain_type(crossfire_t)
init_daemon_domain(crossfire_t, crossfire_exec_t)
bool crossfire_disable_trans;

--Mike
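
The `ps -Z` check discussed in this thread can be scripted. The following is an added example, not part of the original message: it reads `ps -eZ` output and confirms the process runs in the domain type (`crossfire_t`) rather than some other type. The process name `crossfire`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (label, PID, TTY, time, command).
# On a live system, pipe real `ps -eZ` output into check_domain instead.
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
user_u:system_r:crossfire_t      2314 ?        00:00:03 crossfire
user_u:system_r:unconfined_t     2400 pts/0    00:00:00 bash
EOF
}

# check_domain CMD EXPECTED_TYPE   (reads `ps -eZ` output on stdin)
# Prints one line per matching process and returns
#   0 if every process named CMD runs in EXPECTED_TYPE,
#   1 if any of them runs in another type (the transition did not happen),
#   2 if no process named CMD was found.
check_domain() {
    awk -v cmd="$1" -v want="$2" '
        NR == 1 && $1 == "LABEL" { next }   # skip the header row
        $NF == cmd {
            # A context is user:role:type with an optional :level suffix,
            # so the type is always the third colon-separated field.
            split($1, ctx, ":")
            found = 1
            if (ctx[3] == want) {
                printf "ok   pid=%s type=%s\n", $2, ctx[3]
            } else {
                printf "FAIL pid=%s type=%s (expected %s)\n", $2, ctx[3], want
                bad = 1
            }
        }
        END {
            if (!found) exit 2
            exit (bad ? 1 : 0)
        }
    '
}
```

On a running system: `ps -eZ | check_domain crossfire crossfire_t`.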




More information about the fedora-selinux-list mailing list