From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 26 Jun 2012 23:27:53 +0200
Subject: [refpolicy] [PATCH 1/1] bcfg2-server contrib policy
In-Reply-To: <4FEA20D0.1090608@redhat.com>
References: <4FEA20D0.1090608@redhat.com>
Message-ID: <1340746073.12652.30.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Tue, 2012-06-26 at 22:51 +0200, Miroslav Grepl wrote:
> A new policy for bcfg2-server from Fedora contrib repo.
> (git://git.fedorahosted.org/selinux-policy.git)
1. major far reaching differences between fedora's and refpolicy's
auth_use_nsswitch() implementations
2. files_read_etc_files() is redundant. already allowed in
auth_use_nsswitch()
3. files dont need a file transition from var_lib_t to bcfg2_var_lib_t;
only dirs as per file context specification:
/var/lib/bcfg2(/.*)?gen_context(system_u:object_r:bcfg2_var_lib_t,s0)
4. cfg2_systemctl() relies on systemd policy which isnt upstreamed
5. nit: "## policy for bcfg2" is not a proper summary
5 a.
+##
+## Transition to bcfg2.
+##
is not a proper summary
> Description:
> bcfg2-server This daemon serves configurations to
> clients based on the data in its repository
>
> Patch:
> http://mgrepl.fedorapeople.org/SELinux/F18/contrib_bcfg2.patch
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy