From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 20 Feb 2011 06:37:46 +0100
Subject: [refpolicy] [patch 1/3] Implementation of system conf type
In-Reply-To: <20110219095711.GA6270@siphos.be>
References: <4D5E95C1.9080805@redhat.com>  <20110219095711.GA6270@siphos.be>
Message-ID: <1298180267.3098.11.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 19/02/2011 at 10.57 +0100, Sven Vermeulen wrote:
> On Fri, Feb 18, 2011 at 03:52:33PM +0000, Miroslav Grepl wrote:
> > http://mgrepl.fedorapeople.org/F15/system_conf_implemantion_p1.patch
> > 
> >      * Implementation of system conf type for manageable system 
> > configuration files.
> 
> Isn't a generic system configuration type a bit too broad for a security
> policy? We already have etc_t.

I agree with Sven, it appears to be rather useless (at least for the use
that is being made so far in the patches that have been posted) and it
just introduces a redundancy of types.

But Sven, I believe this is stuff just intended for Fedora 15. It won't
affect the rest of us. I don't even understand why it has been posted
with the [PATCH] tag in the subject on this mailing list. Some stuff
won't even build on refpolicy because there are missing bits (such as
missing interfaces that have never been defined in refpolicy and that
are only being used by Fedora as part of their customisations).

Regards,

Guido