>From a casual inspection it seems that no daemons call the interfaces for
authbind.
Authbind has not been tested in Debian for many years, has it ever been tested
in any other distribution?
The purpose of authbind is removed by the fact that SE Linux can restrict
daemons which run as root.
I don't think that there is a good cause to have authbind policy in the
archive and it currently doesn't work. So I think it should be removed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
On Tue, 2014-01-14 at 15:12 +1100, Russell Coker wrote:
> >From a casual inspection it seems that no daemons call the interfaces for
> authbind.
>
> Authbind has not been tested in Debian for many years, has it ever been tested
> in any other distribution?
>
> The purpose of authbind is removed by the fact that SE Linux can restrict
> daemons which run as root.
>
> I don't think that there is a good cause to have authbind policy in the
> archive and it currently doesn't work. So I think it should be removed.
>
You do not have to install that module. If you don't want it then just
remove it from your modules.conf, or do semodule -r authbind if its
already installed.
On Tue, 14 Jan 2014, Dominick Grift <[email protected]> wrote:
> You do not have to install that module. If you don't want it then just
> remove it from your modules.conf, or do semodule -r authbind if its
> already installed.
What is the point in having dead code in the repository?
Code that is in the repository may be copied by other people, code that starts
with the letter 'a' is more likely to be copied. We don't want bad code
copied to make more bad code.
The existence of the policy files will lead people to believe that it will
work, it won't. It will also lead people to believe that it's a good idea, on
a SE Linux system it really isn't.
In retrospect I probably shouldn't have even written that policy module. At
the time we converted to modular policy whoever wasted time on converting it
shouldn't have done so. It's about 10 years overdue for that module to be
removed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
> On Tue, 14 Jan 2014, Dominick Grift <[email protected]> wrote:
> > You do not have to install that module. If you don't want it then just
> > remove it from your modules.conf, or do semodule -r authbind if its
> > already installed.
>
> What is the point in having dead code in the repository?
You have a point but it's not that compelling to me. There is plenty
(what i would consider) dead policy in contrib and as long as its not in
the way i personally do not really think it has much priority to remove
it.
With the base repository it is bit of a different story as far as i am
concerned.
But this is just for discussion purposes. If others have a different
opinion then obviously i will just go with the flow of the majority.
On 01/14/14 06:15, Dominick Grift wrote:
> On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
>> On Tue, 14 Jan 2014, Dominick Grift <[email protected]> wrote:
>>> You do not have to install that module. If you don't want it then just
>>> remove it from your modules.conf, or do semodule -r authbind if its
>>> already installed.
>>
>> What is the point in having dead code in the repository?
>
> You have a point but it's not that compelling to me. There is plenty
> (what i would consider) dead policy in contrib and as long as its not in
> the way i personally do not really think it has much priority to remove
> it.
>
> With the base repository it is bit of a different story as far as i am
> concerned.
Looking at the policy, my guess is that its nowhere near working. As Russell has pointed out, is been in existence for eons and hasn't improved. Since no one seems to have any interest in using it and it's broken, I'm fine removing it. It's still revision controlled, so if there is future interest, it can still be retrieved from the git history (not that there is much to the policy if it needs to be remade).
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Tuesday, 14 January 2014 8:41:32 AM AEDT Christopher J. PeBenito wrote:
> On 01/14/14 06:15, Dominick Grift wrote:
> > On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
> >> On Tue, 14 Jan 2014, Dominick Grift <[email protected]> wrote:
> >>> You do not have to install that module. If you don't want it then just
> >>> remove it from your modules.conf, or do semodule -r authbind if its
> >>> already installed.
> >>
> >> What is the point in having dead code in the repository?
> >
> > You have a point but it's not that compelling to me. There is plenty
> > (what i would consider) dead policy in contrib and as long as its not in
> > the way i personally do not really think it has much priority to remove
> > it.
> >
> > With the base repository it is bit of a different story as far as i am
> > concerned.
>
> Looking at the policy, my guess is that its nowhere near working. As
> Russell has pointed out, is been in existence for eons and hasn't improved.
> Since no one seems to have any interest in using it and it's broken, I'm
> fine removing it. It's still revision controlled, so if there is future
> interest, it can still be retrieved from the git history (not that there is
> much to the policy if it needs to be remade).
Almost 3 years later and it's still in the repository, are we going to remove
it?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
On 11/22/16 19:57, Russell Coker via refpolicy wrote:
> On Tuesday, 14 January 2014 8:41:32 AM AEDT Christopher J. PeBenito wrote:
>> On 01/14/14 06:15, Dominick Grift wrote:
>>> On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
>>>> On Tue, 14 Jan 2014, Dominick Grift <[email protected]> wrote:
>>>>> You do not have to install that module. If you don't want it then just
>>>>> remove it from your modules.conf, or do semodule -r authbind if its
>>>>> already installed.
>>>>
>>>> What is the point in having dead code in the repository?
>>>
>>> You have a point but it's not that compelling to me. There is plenty
>>> (what i would consider) dead policy in contrib and as long as its not in
>>> the way i personally do not really think it has much priority to remove
>>> it.
>>>
>>> With the base repository it is bit of a different story as far as i am
>>> concerned.
>>
>> Looking at the policy, my guess is that its nowhere near working. As
>> Russell has pointed out, is been in existence for eons and hasn't improved.
>> Since no one seems to have any interest in using it and it's broken, I'm
>> fine removing it. It's still revision controlled, so if there is future
>> interest, it can still be retrieved from the git history (not that there is
>> much to the policy if it needs to be remade).
>
> Almost 3 years later and it's still in the repository, are we going to remove
> it?
Thanks for the reminder. It's gone.
--
Chris PeBenito