2010-06-28 10:02:23

by Russell Coker

[permalink] [raw]
Subject: [refpolicy] mmcs patch

The attached patch adds Mandatory MCS functionality if the policy is built
with distro_debian defined.

Should we change that to enable_mandatory_mcs or something so that
distributions other than Debian can use it?

In any case I'd like to have it in the repository so it can be examined by
more people, maybe improved, maybe inspire others to do different and maybe
better things.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mmcs.diff
Type: text/x-patch
Size: 1828 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100628/1211e047/attachment.bin


2010-06-28 13:27:53

by cpebenito

[permalink] [raw]
Subject: [refpolicy] mmcs patch

On Mon, 2010-06-28 at 20:02 +1000, Russell Coker wrote:
> The attached patch adds Mandatory MCS functionality if the policy is built
> with distro_debian defined.
>
> Should we change that to enable_mandatory_mcs or something so that
> distributions other than Debian can use it?
>
> In any case I'd like to have it in the repository so it can be examined by
> more people, maybe improved, maybe inspire others to do different and maybe
> better things.

If I recall correctly, there was a lot of opposition to this change,
since MCS was supposed to be discretionary. So I'll wait for comments.
Perhaps with it being optional now, there won't be objections.

In any case, In order for me to merge it, I'd rather see it as a
build.conf configuration option not tied to distribution. So
enable_mmcs or something similar, as you mentioned above.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com