From: mgrepl@redhat.com (Miroslav Grepl)
Date: Tue, 23 Jun 2009 15:27:35 +0200
Subject: [refpolicy] services_shorewall.patch
In-Reply-To: <4A40D512.3090901@redhat.com>
References: <4A2DB5CE.60308@redhat.com>	
	<1245679177.4230.744.camel@gorn.columbia.tresys.com>	
	<4A3FED73.7010508@redhat.com>
	<1245760509.4230.844.camel@gorn.columbia.tresys.com>
	<4A40D512.3090901@redhat.com>
Message-ID: <4A40D847.8070006@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/23/2009 03:13 PM, Daniel J Walsh wrote:
> On 06/23/2009 08:35 AM, Christopher J. PeBenito wrote:
>> On Mon, 2009-06-22 at 16:45 -0400, Daniel J Walsh wrote:
>>> On 06/22/2009 09:59 AM, Christopher J. PeBenito wrote:
>>>> On Mon, 2009-06-08 at 21:07 -0400, Daniel J Walsh wrote:
>>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_shorewall.patch 
>>>>>
>>>>>
>>>>> Shorewall policy
>>>> I don't understand why this is written as a service.  As far as I can
>>>> tell from the documentation, its not a service; it just does iptables
>>>> configuration.
>>> I got this from someone else.   So you think it should just be added to
>>> iptables config.
>>
>> Not necessarily.  It may be sufficient to change the
>> init_daemon_domain() to init_system_domain and then moving it into admin
>> layer.
>>
>
> Miroslav wrote the domain, so I guess it is between you two.  I think 
> the init_system_domain is fine.

Right now I am testing what Chris suggests. It seems fine.