2009-06-09 01:07:26

by Daniel Walsh

Subject: [refpolicy] services_shorewall.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch

Shorewall policy


2009-06-22 13:59:37

by cpebenito

Subject: [refpolicy] services_shorewall.patch

On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
>
> Shorewall policy

I don't understand why this is written as a service. As far as I can
tell from the documentation, it's not a service; it just does iptables
configuration.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-06-22 20:45:39

by Daniel Walsh

Subject: [refpolicy] services_shorewall.patch

On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
>>
>> Shorewall policy
>
> I don't understand why this is written as a service. As far as I can
> tell from the documentation, it's not a service; it just does iptables
> configuration.
>

I got this from someone else. So you think it should just be added to
iptables config?

2009-06-23 12:35:09

by cpebenito

Subject: [refpolicy] services_shorewall.patch

On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
> >>
> >> Shorewall policy
> >
> > I don't understand why this is written as a service. As far as I can
> > tell from the documentation, it's not a service; it just does iptables
> > configuration.
>
> I got this from someone else. So you think it should just be added to
> iptables config?

Not necessarily. It may be sufficient to change the
init_daemon_domain() to init_system_domain and then move it into the admin
layer.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-06-23 13:13:54

by Daniel Walsh

Subject: [refpolicy] services_shorewall.patch

On 06/23/2009 08:35 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
>> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
>>>>
>>>> Shorewall policy
>>> I don't understand why this is written as a service. As far as I can
>>> tell from the documentation, it's not a service; it just does iptables
>>> configuration.
>> I got this from someone else. So you think it should just be added to
>> iptables config?
>
> Not necessarily. It may be sufficient to change the
> init_daemon_domain() to init_system_domain and then move it into the admin
> layer.
>

Miroslav wrote the domain, so I guess it is between you two. I think
the init_system_domain is fine.

2009-06-23 13:27:35

by mgrepl

Subject: [refpolicy] services_shorewall.patch

On 06/23/2009 03:13 PM, Daniel J Walsh wrote:
> On 06/23/2009 08:35 AM, Christopher J. PeBenito wrote:
>> On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
>>> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
>>>> On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
>>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
>>>>>
>>>>>
>>>>> Shorewall policy
>>>> I don't understand why this is written as a service. As far as I can
>>>> tell from the documentation, it's not a service; it just does iptables
>>>> configuration.
>>> I got this from someone else. So you think it should just be added to
>>> iptables config?
>>
>> Not necessarily. It may be sufficient to change the
>> init_daemon_domain() to init_system_domain and then move it into the admin
>> layer.
>>
>
> Miroslav wrote the domain, so I guess it is between you two. I think
> the init_system_domain is fine.

Right now I am testing what Chris suggests. It seems fine.