From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 01 Jul 2009 12:54:06 -0400
Subject: [refpolicy] Debian has mailman lock files too
In-Reply-To: <874otwjuo6.fsf@anzu.internal.golden-gryphon.com>
References: <874otwjuo6.fsf@anzu.internal.golden-gryphon.com>
Message-ID: <4A4B94AE.5070107@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/01/2009 11:21 AM, Manoj Srivastava wrote:
> diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
> index 839017f..3199d21 100644
> --- a/policy/modules/services/mailman.fc
> +++ b/policy/modules/services/mailman.fc
> @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
>   /var/lock/mailman(/.*)?                        gen_context(system_u:object_r:mailman_lock_t,s0)
>   /var/spool/mailman(/.*)?               gen_context(system_u:object_r:mailman_data_t,s0)
>   ')
> +
> +ifdef(`distro_debian', `
> +/var/lock/mailman(/.*)?                        gen_context(system_u:object_r:mailman_lock_t,s0)
> +')
> +
>
Why not remove the ifdef distro...*

We should not be adding ifdef distro unless the distros conflict on 
labels.  I don't imagine any distro is going to have /var/lock/mailman 
be anything other them mailman_lock_t.

Several times I have had to move a label out of ifdef...debian because 
fedora moved to the same labeling.

I think we should add as few ifdef(`disto into fc files as possible.