From: paul.moore@hp.com (Paul Moore)
Date: Thu, 8 Jan 2009 10:45:17 -0500
Subject: [refpolicy] [RFC] drop nodecons
In-Reply-To: <1231424231.14773.17.camel@localhost.localdomain>
References: <1231341913.27022.20.camel@gorn.columbia.tresys.com> <200901071720.02842.paul.moore@hp.com> <1231424231.14773.17.camel@localhost.localdomain>
Message-ID: <200901081045.17478.paul.moore@hp.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thursday 08 January 2009 9:17:11 am Stephen Smalley wrote:
> On Wed, 2009-01-07 at 17:20 -0500, Paul Moore wrote:
> > The next step is to get semanage to label network nodes (or fix it
> > if it is broken).
>
> semanage node support exists, but might not correctly handle
> conflicting/overlapping definitions between the base policy and local
> customizations. See prior discussion on Adding local nodecon's
> through semanage on selinux list.

Yep, I've still got that thread marked in my inbox as something to
revisit. It will grow more important once we enable the network peer
controls policy capability (Chris, thoughts/comments on the patch I
posted regarding that?).

--
paul moore
linux @ hp