2009-07-01 15:21:29

by srivasta

Subject: [refpolicy] Debian has mailman lock files too

diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
index 839017f..3199d21 100644
--- a/policy/modules/services/mailman.fc
+++ b/policy/modules/services/mailman.fc
@@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
+
+ifdef(`distro_debian', `
+/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
+')
+
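Review bot: the entry added under distro_debian for /var/lock/mailman(/.*)? is identical, in both path and mailman_lock_t label, to the one already in the distro_redhat block shown as context in this hunk. Since the two distributions agree on the label, one unconditional entry outside both ifdef blocks would avoid the duplication, with the distro_redhat copy dropped in the same change. The hunk also adds a blank line at the end of the file, which can go.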

--
A beautiful woman is a blessing from Heaven, but a good cigar is a
smoke. Kipling
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C


2009-07-01 16:54:06

by Daniel Walsh

Subject: [refpolicy] Debian has mailman lock files too

On 07/01/2009 11:21 AM, Manoj Srivastava wrote:
> diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
> index 839017f..3199d21 100644
> --- a/policy/modules/services/mailman.fc
> +++ b/policy/modules/services/mailman.fc
> @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
> /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
> /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
> ')
> +
> +ifdef(`distro_debian', `
> +/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
> +')
> +
>
Why not remove the ifdef distro...*

We should not be adding ifdef distro unless the distros conflict on
labels. I don't imagine any distro is going to have /var/lock/mailman
be anything other than mailman_lock_t.

Several times I have had to move a label out of ifdef...debian because
fedora moved to the same labeling.

I think we should add as few ifdef(`distro into fc files as possible.

2009-07-06 18:53:04

by cpebenito

Subject: [refpolicy] Debian has mailman lock files too

On Wed, 2009-07-01 at 12:54 -0400, Daniel J Walsh wrote:
> On 07/01/2009 11:21 AM, Manoj Srivastava wrote:
> > diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
> > index 839017f..3199d21 100644
> > --- a/policy/modules/services/mailman.fc
> > +++ b/policy/modules/services/mailman.fc
> > @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
> > /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
> > /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
> > ')
> > +
> > +ifdef(`distro_debian', `
> > +/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
> > +')
> > +
> >
> Why not remove the ifdef distro...*
>
> We should not be adding ifdef distro unless the distros conflict on
> labels. I don't imagine any distro is going to have /var/lock/mailman
> be anything other than mailman_lock_t.
>
> Several times I have had to move a label out of ifdef...debian because
> fedora moved to the same labeling.
>
> I think we should add as few ifdef(`distro into fc files as possible.

I would tend to agree, though I suspect I'm a little more liberal with
their usage than Dan is.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-13 07:08:47

by srivasta

Subject: [refpolicy] Debian has mailman lock files too

On Mon, Jul 06 2009, Christopher J. PeBenito wrote:

> On Wed, 2009-07-01 at 12:54 -0400, Daniel J Walsh wrote:
>> On 07/01/2009 11:21 AM, Manoj Srivastava wrote:
>> > diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
>> > index 839017f..3199d21 100644
>> > --- a/policy/modules/services/mailman.fc
>> > +++ b/policy/modules/services/mailman.fc
>> > @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
>> > /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
>> > /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
>> > ')
>> > +
>> > +ifdef(`distro_debian', `
>> > +/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
>> > +')
>> > +
>> >
>> Why not remove the ifdef distro...*
>>
>> We should not be adding ifdef distro unless the distros conflict on
>> labels. I don't imagine any distro is going to have /var/lock/mailman
>> be anything other than mailman_lock_t.
>>
>> Several times I have had to move a label out of ifdef...debian because
>> fedora moved to the same labeling.
>>
>> I think we should add as few ifdef(`distro into fc files as possible.
>
> I would tend to agree, though I suspect I'm a little more liberal with
> their usage than Dan is.

Fair enough. Do I need to resubmit?

Were the other patches submitted OK?

manoj
--
What does it mean if there is no fortune for you?
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C

2009-07-14 12:55:02

by cpebenito

Subject: [refpolicy] Debian has mailman lock files too

On Wed, 2009-07-01 at 11:21 -0400, Manoj Srivastava wrote:
> diff --git a/policy/modules/services/mailman.fc
> b/policy/modules/services/mailman.fc
> index 839017f..3199d21 100644
> --- a/policy/modules/services/mailman.fc
> +++ b/policy/modules/services/mailman.fc
> @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
> /var/lock/mailman(/.*)?
> gen_context(system_u:object_r:mailman_lock_t,s0)
> /var/spool/mailman(/.*)?
> gen_context(system_u:object_r:mailman_data_t,s0)
> ')
> +
> +ifdef(`distro_debian', `
> +/var/lock/mailman(/.*)?
> gen_context(system_u:object_r:mailman_lock_t,s0)
> +')
> +

Merged without distro_debian.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-14 17:17:44

by srivasta

Subject: [refpolicy] [PATCH] Remove duplicate distro_redhat context

From: Manoj Srivastava <[email protected]>

A recent update added a generic context for the lock files, so the
entry in distro_redhat can be removed.

Signed-off-by: Manoj Srivastava <[email protected]>
---
policy/modules/services/mailman.fc | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
index e57c713..92afb44 100644
--- a/policy/modules/services/mailman.fc
+++ b/policy/modules/services/mailman.fc
@@ -29,6 +29,5 @@ ifdef(`distro_redhat', `
/usr/lib/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
/usr/lib/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)

-/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
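Review bot: removing the /var/lock/mailman(/.*)? line from the distro_redhat block is only safe if an unconditional entry with the same mailman_lock_t label is already in mailman.fc, and that entry is not visible in this hunk's context. The commit message refers to "a recent update" without naming it; citing that commit would record the dependency, so the removal is not applied to a tree that lacks the generic entry and leaves the lock directory without a context on Red Hat.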
--
1.6.3.3

2009-07-15 13:32:28

by cpebenito

Subject: [refpolicy] [PATCH] Remove duplicate distro_redhat context

On Tue, 2009-07-14 at 12:17 -0500, Manoj Srivastava wrote:
> From: Manoj Srivastava <[email protected]>
>
> A recent update added a generic context for the lock files, so the
> entry in distro_redhat can be removed.

Merged.

> Signed-off-by: Manoj Srivastava <[email protected]>
> ---
> policy/modules/services/mailman.fc | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
> index e57c713..92afb44 100644
> --- a/policy/modules/services/mailman.fc
> +++ b/policy/modules/services/mailman.fc
> @@ -29,6 +29,5 @@ ifdef(`distro_redhat', `
> /usr/lib/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
> /usr/lib/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
>
> -/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
> /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
> ')
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-11-12 03:22:17

by Russell Coker

Subject: [refpolicy] Debian has mailman lock files too

On Mon, 13 Jul 2009, Manoj Srivastava <[email protected]> wrote:
> >> I think we should add as few ifdef(`distro into fc files as possible.
> >
> > I would tend to agree, though I suspect I'm a little more liberal with
> > their usage than Dan is.
>
> Fair enough. Do I need to resubmit?

I think that whenever an entry only applies to one distribution we should have
an ifdef for it.

For example if an application might store some data in /var/cache and then
change to /var/lib. This sort of change happens periodically. If the old
directory has an ifdef entry for the distribution you use then you can be
certain that removing the old entry will not impact anyone else. If however
there is no ifdef then you will not know how many other people might be
impacted by removing the old fc entry so you will be inclined to leave it
there.

To avoid accumulating old fc rules I think we should aim to have as many
distro-specific ifdef entries as reasonably possible. If a certain entry is
used by multiple distributions then make it unconditional, this will still
lead to some accumulation of needless entries, but it will be slower.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
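
The two labeling questions argued in this thread (whether distro ifdefs agree or conflict on a label, and whether an ifdef'd entry merely repeats an unconditional one) can be checked mechanically over a .fc file. The Python script below is an added example, not part of the thread or of refpolicy; the sample file contents, the /etc/example path and the example_a_t/example_b_t types are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the lock entry as the first patch would have left it,
# plus a made-up path whose label really does differ between distributions.
SAMPLE_FC = """\
ifdef(`distro_redhat', `
/var/lock/mailman(/.*)?   gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)?  gen_context(system_u:object_r:mailman_data_t,s0)
/etc/example(/.*)?        gen_context(system_u:object_r:example_a_t,s0)
')
ifdef(`distro_debian', `
/var/lock/mailman(/.*)?   gen_context(system_u:object_r:mailman_lock_t,s0)
/etc/example(/.*)?        gen_context(system_u:object_r:example_b_t,s0)
')
"""

IFDEF_OPEN = re.compile(r"^ifdef\(`(distro_\w+)',\s*`$")
ENTRY = re.compile(r"^(\S+)\s+(?:(-[-bcdlps])\s+)?(gen_context\(.*\)|<<none>>)$")

def parse_fc(text):
    """Map (path regex, file-type flag) -> {distro name or None: context}."""
    entries, distro = defaultdict(dict), None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := IFDEF_OPEN.match(line):
            distro = m.group(1)
        elif line == "')":
            distro = None          # back to unconditional entries
        elif m := ENTRY.match(line):
            entries[(m.group(1), m.group(2))][distro] = m.group(3)
    return entries

def audit(text):
    """Classify entries by how their distro ifdefs relate to each other."""
    report = {"make_unconditional": [], "keep_ifdef": [], "redundant_ifdef": []}
    for (path, _ftype), ctx in parse_fc(text).items():
        per_distro = {d: c for d, c in ctx.items() if d is not None}
        labels = set(per_distro.values())
        if ctx.get(None) in labels:
            report["redundant_ifdef"].append(path)     # copy of a generic entry
        elif len(per_distro) > 1 and len(labels) == 1:
            report["make_unconditional"].append(path)  # distros agree
        elif len(labels) > 1:
            report["keep_ifdef"].append(path)          # distros conflict
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_FC))
```

The parser assumes one ifdef level with the closing `')` on its own line, as in the hunks quoted in this thread; nested or ifndef blocks are not handled.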