From: russell@coker.com.au (Russell Coker)
Date: Thu, 12 Nov 2009 14:22:17 +1100
Subject: [refpolicy] Debian has mailman lock files too
In-Reply-To: <877hydnjpc.fsf@anzu.internal.golden-gryphon.com>
References: <874otwjuo6.fsf@anzu.internal.golden-gryphon.com>
	<1246906384.21090.69.camel@gorn.columbia.tresys.com>
	<877hydnjpc.fsf@anzu.internal.golden-gryphon.com>
Message-ID: <200911121422.22859.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 13 Jul 2009, Manoj Srivastava <srivasta@golden-gryphon.com> wrote:
> >> I think we should add as few ifdef(`disto into fc files as possible.
> >
> > I would tend to agree, though I suspect I'm a little more liberal with
> > their usage than Dan is.
>
> ? ? ? ? Fair enough. Do I need to resubmit?

I think that whenever an entry only applies to one distribution we should have 
an ifdef for it.

For example if an application might store some data in /var/cache and then 
change to /var/lib.  This sort of change happens periodically.  If the old 
directory has an ifdef entry for the distribution you use then you can be 
certain that removing the old entry will not impact anyone else.  If however 
there is no ifdef then you will not know how many other people might be 
impacted by removing the old fc entry so you will be inclined to leave it 
there.

To avoid accumulating old fc rules I think we should aim to have as many 
distro-specific ifdef entries as reasonably possible.  If a certain entry is 
used by multiple distributions then make it unconditional, this will still 
lead to some accumulation of needless entries, but it will be slower.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog