From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 23 Jun 2009 08:35:09 -0400
Subject: [refpolicy] services_shorewall.patch
In-Reply-To: <4A3FED73.7010508@redhat.com>
References: <4A2DB5CE.60308@redhat.com>
	<1245679177.4230.744.camel@gorn.columbia.tresys.com>
	<4A3FED73.7010508@redhat.com>
Message-ID: <1245760509.4230.844.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
> >>
> >> Shorewall policy
> >
> > I don't understand why this is written as a service.  As far as I can
> > tell from the documentation, its not a service; it just does iptables
> > configuration.
> 
> I got this from someone else.   So you think it should just be added to 
> iptables config.

Not necessarily.  It may be sufficient to change the
init_daemon_domain() to init_system_domain and then moving it into admin
layer.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150