From: russell@coker.com.au (Russell Coker)
Date: Sat, 17 Jul 2010 15:24:43 +1000
Subject: [refpolicy] some Debian specific patches
In-Reply-To: <4C3B5674.3010805@tresys.com>
References: <201007071702.17347.russell@coker.com.au>
	<20100711184859.57714jpvyqkmc6ww@webmail.tuffmail.net>
	<4C3B5674.3010805@tresys.com>
Message-ID: <201007171524.43743.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 13 Jul 2010, "Christopher J. PeBenito" <cpebenito@tresys.com> wrote:
> > It seems to me rather pointless to put in all these distro defines,
> > especially in file contexts - whatever distro you are running, if you
> > have a file at /usr/libexec/dcc/dbclean then you probably want it
> > labelled as dcc_dbclean_exec_t. And fcs for files that don't exist are
> > harmless beyond using a few bytes.
> > 
> > However I leave that up to Chris,
> 
> I tend to agree.

One benefit of distro defines in the file_contexts is that we know which 
distributions they apply to.  So if we have three distributions with different 
directories used and two different versions of the daemon with different file 
names then we can retire the old names in a sensible manner.

If there are no defines then it's difficult to determine who uses what.

Now we could have comments, but they aren't quite as good because there is no 
requirement to keep them accurate.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog