From: pebenito@gentoo.org (Chris PeBenito)
Date: Mon, 12 Jan 2009 10:34:49 -0500
Subject: [refpolicy] [RFC] drop nodecons
In-Reply-To: <200901091611.22030.paul.moore@hp.com>
References: <1231341913.27022.20.camel@gorn.columbia.tresys.com> <200901081045.17478.paul.moore@hp.com> <1231508032.20122.3.camel@gorn> <200901091611.22030.paul.moore@hp.com>
Message-ID: <1231774489.4093.20.camel@defiant.pebenito.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-01-09 at 16:11 -0500, Paul Moore wrote:
> On Friday 09 January 2009 8:33:49 am Christopher J. PeBenito wrote:
> > On Thu, 2009-01-08 at 10:45 -0500, Paul Moore wrote:
> > > On Thursday 08 January 2009 9:17:11 am Stephen Smalley wrote:
> > > > On Wed, 2009-01-07 at 17:20 -0500, Paul Moore wrote:
> > > > > The next step is to get semanage to label network nodes (or fix
> > > > > it if it is broken).
> > > >
> > > > semanage node support exists, but might not correctly handle
> > > > conflicting/overlapping definitions between the base policy and
> > > > local customizations. See prior discussion on Adding local
> > > > nodecon's through semanage on selinux list.
> > >
> > > Yep, I've still got that thread marked in my inbox as something to
> > > revisit. It will grow more important once we enable the network
> > > peer controls policy capability (Chris, thoughts/comments on the
> > > patch I posted regarding that?).
> >
> > I'm not ready to drop the protocol-specific interfaces. Refpolicy
> > still supports back to RHEL4, so the granularity of the original
> > networking controls is still important.
>
> Okay fair enough. Let me know what you think about the patch I
> submitted to enable the network_peer_controls policy capability; I'm
> really hoping that we can enable this for F11.

As far as I can see, the only related part for that is the hunk that
uncomments the capability. Perhaps you should resend it?

-- 
Chris PeBenito
Developer, Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243