From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 26 Jun 2012 23:27:53 +0200
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy
In-Reply-To: <4FEA20D0.1090608@redhat.com>
References: <4FEA20D0.1090608@redhat.com>
Message-ID: <1340746073.12652.30.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2012-06-26 at 22:51 +0200, Miroslav Grepl wrote:
> A new policy for bcfg2-server from Fedora contrib repo. 
> (git://git.fedorahosted.org/selinux-policy.git)

1. major far reaching differences between fedora's and refpolicy's
auth_use_nsswitch() implementations

2. files_read_etc_files() is redundant. already allowed in
auth_use_nsswitch()

3. files dont need a file transition from var_lib_t to bcfg2_var_lib_t;
only dirs as per file context specification:

/var/lib/bcfg2(/.*)?gen_context(system_u:object_r:bcfg2_var_lib_t,s0)

4. cfg2_systemctl() relies on systemd policy which isnt upstreamed

5. nit: "## <summary>policy for bcfg2</summary>" is not a proper summary

5 a.

+## <summary>
+##	Transition to bcfg2.
+## </summary>

is not a proper summary

> Description:
>         bcfg2-server This daemon  serves  configurations  to
>         clients based on the data in its repository
> 
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy