From: Craig.Grube@cobham.com (Craig Grube)
Date: Thu, 10 Sep 2009 07:14:45 -0400
Subject: [refpolicy] puppet.patch - updated
In-Reply-To: <20090909090704.GA2898@notebook3.grift.internal>
References: <4AA106F0.9000603@cobham.com> <20090905093847.GB29896@notebook3.grift.internal> <4AA3E02F.7040500@cobham.com> <20090906162341.GA4976@notebook3.grift.internal> <832FE86D-3F2E-446E-BA8F-BF2D200FB473@cobham.com> <20090908102804.GA10519@notebook3.grift.internal> <0A2D58E9-8857-4B82-A2F0-A18E1B9FEEA2@cobham.com> <20090909090704.GA2898@notebook3.grift.internal>
Message-ID: <11310DB9-AB7D-4F11-9DD6-0D51790CE9ED@cobham.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks. I'll take a look at what interfaces can be optional_policy when I
get back from some travel and will resubmit the patch after another round
of testing.

Craig

On Sep 9, 2009, at 5:07 AM, Dominick Grift wrote:

> Looks good to me. One thing that may or may not be improved is
> that some of the called interfaces in puppet.te may be
> optional_policy. To figure that out requires a bit of investigation.
> You could look up the interface calls in other established refpolicy
> modules and see whether they are optional there. If they are: wrap
> them in an optional_policy block and move the blocks below where the
> other optional policy is (in alphabetical order).
>
> But from my point of view the policy looks rather nice now.
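
Added example, not part of the original thread or of refpolicy itself: one way to automate the lookup described in the quoted reply, reporting interfaces that a module calls unconditionally but that other modules wrap in optional_policy. The function names are hypothetical and the embedded module sources are constructed samples, not the contents of puppet.te or of any real module.

```python
import re
from collections import defaultdict

BLOCKS = {"optional_policy", "tunable_policy", "ifdef", "ifndef"}  # m4 block macros
SKIP = {"policy_module", "gen_tunable"}                            # not interface calls
CALL = re.compile(r"^([a-z0-9_]+)\(")

def interface_calls(te_text):
    """Yield (interface, inside_optional_policy) for each call in a .te source."""
    stack = []  # one entry per open m4 block; True when it is optional_policy
    for raw in te_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("')"):            # closes the innermost block
            if stack:
                stack.pop()
            continue
        m = CALL.match(line)                 # "',`" else-branches never match
        if not m or m.group(1) in SKIP:
            continue
        name = m.group(1)
        if name in BLOCKS:
            if line.endswith("`"):           # a multi-line block opens here
                stack.append(name == "optional_policy")
        else:
            yield name, any(stack)

def optional_candidates(target, references):
    """Interfaces the target calls unconditionally that a reference module wraps."""
    wrapped = defaultdict(set)
    for module, text in references.items():
        for name, in_opt in interface_calls(text):
            if in_opt:
                wrapped[name].add(module)
    return {name: sorted(wrapped[name])
            for name, in_opt in interface_calls(target)
            if not in_opt and name in wrapped}

# Constructed sample sources: not the patch under review, not real module contents.
TARGET = """policy_module(puppet, 1.0.0)
files_read_etc_files(puppet_t)
hostname_exec(puppet_t)
optional_policy(`
    rpm_domtrans(puppet_t)
')
"""
REFERENCES = {
    "example_a.te": "optional_policy(`\n hostname_exec(a_t)\n')\n",
    "example_b.te": "tunable_policy(`b_flag',`\n mount_domtrans(b_t)\n')\n"
                    "optional_policy(`\n hostname_exec(b_t)\n')\n",
}
```

Calling optional_candidates(TARGET, REFERENCES) returns each candidate interface with the reference modules that wrap it; the parser only handles multi-line blocks, so one-line m4 constructs are ignored.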