From: russell@coker.com.au (Russell Coker) Date: Tue, 3 Jul 2012 15:43:55 +1000 Subject: [refpolicy] pptp_t vs pppd_t Message-ID: <201207031543.56296.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Is there a real benefit in having separate domains for pptp and pppd? The access that they have is very similar and the differences are things that aren't so significant (EG pptp_t denied access to pppd_devpts_t:chr_file). Also both the programs can run each other (the policy allows pppd to run pptpd and in my test network pptpd needs to run pppd) which limits the ability to create a useful separation. I think it would be best if we merged the two domains. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/