From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 23 Jun 2009 09:13:54 -0400
Subject: [refpolicy] services_shorewall.patch
In-Reply-To: <1245760509.4230.844.camel@gorn.columbia.tresys.com>
References: <4A2DB5CE.60308@redhat.com>	
	<1245679177.4230.744.camel@gorn.columbia.tresys.com>	
	<4A3FED73.7010508@redhat.com>
	<1245760509.4230.844.camel@gorn.columbia.tresys.com>
Message-ID: <4A40D512.3090901@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/23/2009 08:35 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
>> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch
>>>>
>>>> Shorewall policy
>>> I don't understand why this is written as a service.  As far as I can
>>> tell from the documentation, its not a service; it just does iptables
>>> configuration.
>> I got this from someone else.   So you think it should just be added to
>> iptables config.
>
> Not necessarily.  It may be sufficient to change the
> init_daemon_domain() to init_system_domain and then moving it into admin
> layer.
>

Miroslav wrote the domain, so I guess it is between you two.  I think 
the init_system_domain is fine.