2009-05-21 15:38:31

by Daniel Walsh

[permalink] [raw]
Subject: [refpolicy] Rules.modular.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch

Do not call per_role extension automagically.


2009-05-27 13:03:21

by cpebenito

[permalink] [raw]
Subject: [refpolicy] Rules.modular.patch

On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
>
> Do not call per_role extension automagically.

I have to leave this upstream for some time, for compatibility.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-05-27 15:23:11

by Daniel Walsh

[permalink] [raw]
Subject: [refpolicy] Rules.modular.patch

On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
>>
>> Do not call per_role extension automagically.
>
> I have to leave this upstream for some time, for compatibility.
>
But isn't this the problem, we should be moving forward and eliminating
all of the old RHEL4 stuff. As we move forward we need a mechanism to
clean the old cruft out. I think this was a bad decision that we came
up with many years ago, and we need to get rid if it.

2009-05-27 15:35:38

by cpebenito

[permalink] [raw]
Subject: [refpolicy] Rules.modular.patch

On Wed, 2009-05-27 at 11:23 -0400, Daniel J Walsh wrote:
> On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
> >>
> >> Do not call per_role extension automagically.
> >
> > I have to leave this upstream for some time, for compatibility.
> >
> But isn't this the problem, we should be moving forward and eliminating
> all of the old RHEL4 stuff. As we move forward we need a mechanism to
> clean the old cruft out. I think this was a bad decision that we came
> up with many years ago, and we need to get rid if it.

This isn't specific to RHEL4. There are no longer any of these
templates upstream, so it doesn't hurt to leave it. There may be usage
of these in 3rd party modules, and we won't break them with too short of
an update period. I certainly have no problem with you removing it in
Fedora, but it has to stay in the upstream for now.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-05-27 15:38:52

by joe

[permalink] [raw]
Subject: [refpolicy] Rules.modular.patch


On May 27, 2009, at 10:23 AM, Daniel J Walsh wrote:

> On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
>> On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
>>>
>>> Do not call per_role extension automagically.
>>
>> I have to leave this upstream for some time, for compatibility.
>>
> But isn't this the problem, we should be moving forward and
> eliminating
> all of the old RHEL4 stuff. As we move forward we need a mechanism to
> clean the old cruft out. I think this was a bad decision that we came
> up with many years ago, and we need to get rid if it.

I would like to second the request to depreciate/eliminate the
automatic per-role extensions.

joe