From: guido@trentalancia.com (Guido Trentalancia) Date: Tue, 25 Jan 2011 20:20:30 +0100 Subject: [refpolicy] [PATCH/RFC 3/19]: patch set to update the git reference policy In-Reply-To: <4D3F1A9D.1060707@gmail.com> References: <1295829836.3862.62.camel@tesla.lan> <4D3D8B05.2050002@gmail.com> <1295978687.3051.3.camel@tesla.lan> <4D3F1317.8000309@gmail.com> <1295979981.3051.10.camel@tesla.lan> <4D3F16D2.9070705@gmail.com> <1295980781.11770.4.camel@tesla.lan> <4D3F1A9D.1060707@gmail.com> Message-ID: <1295983230.11770.24.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 25/01/2011 at 19.46 +0100, Dominick Grift wrote: > On 01/25/2011 07:39 PM, Guido Trentalancia wrote: > > Hello Dominick ! > > > > It was just to keep the interface more generic and eventually re-usable. > > But I have now changed the interface to: > > I understand, and allowing a domain to search a directory isnt a big > deal. Yet i learned from experience. I mean there is a "pattern" in > refpolicy, and i almost never see the read_fifo_file_pattern for domain > types used so that is the reason for my suggestion. A nitpick but i had > to mention it anyway. Trying to keep things uniform. Yes, one of my first aims is to stay definitely uniform unless there is really a good reason to do things differently because of a possible improvement which brings some good advantages. Splitting up dbus:send_msg permissions (to be uni-directional from each module) was one thing that I thought it could improve the actual situation for a good reason. But nobody else commented on that, so that thing is still pending... You didn't manage to convince me yet of your different opinion, but we'll see ;-) > > allow $1 init_t:fifo_file read_fifo_file_perms; > > > > so it's a bit more optimised and tight. Regards, Guido