From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 06 Jul 2009 14:53:04 -0400
Subject: [refpolicy] Debian has mailman lock files too
In-Reply-To: <4A4B94AE.5070107@redhat.com>
References: <874otwjuo6.fsf@anzu.internal.golden-gryphon.com>
	<4A4B94AE.5070107@redhat.com>
Message-ID: <1246906384.21090.69.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2009-07-01 at 12:54 -0400, Daniel J Walsh wrote:
> On 07/01/2009 11:21 AM, Manoj Srivastava wrote:
> > diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
> > index 839017f..3199d21 100644
> > --- a/policy/modules/services/mailman.fc
> > +++ b/policy/modules/services/mailman.fc
> > @@ -31,3 +31,8 @@ ifdef(`distro_redhat', `
> >   /var/lock/mailman(/.*)?                        gen_context(system_u:object_r:mailman_lock_t,s0)
> >   /var/spool/mailman(/.*)?               gen_context(system_u:object_r:mailman_data_t,s0)
> >   ')
> > +
> > +ifdef(`distro_debian', `
> > +/var/lock/mailman(/.*)?                        gen_context(system_u:object_r:mailman_lock_t,s0)
> > +')
> > +
> >
> Why not remove the ifdef distro...*
> 
> We should not be adding ifdef distro unless the distros conflict on 
> labels.  I don't imagine any distro is going to have /var/lock/mailman 
> be anything other them mailman_lock_t.
> 
> Several times I have had to move a label out of ifdef...debian because 
> fedora moved to the same labeling.
> 
> I think we should add as few ifdef(`disto into fc files as possible.

I would tend to agree, though I suspect I'm a little more liberal with
their usage than Dan is.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150