From: russell@coker.com.au (Russell Coker)
Date: Tue, 3 Jul 2012 15:43:55 +1000
Subject: [refpolicy] pptp_t vs pppd_t
Message-ID: <201207031543.56296.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Is there a real benefit in having separate domains for pptp and pppd?

The access that they have is very similar and the differences are things that 
aren't so significant (EG pptp_t denied access to pppd_devpts_t:chr_file).

Also both the programs can run each other (the policy allows pppd to run pptpd 
and in my test network pptpd needs to run pppd) which limits the ability to 
create a useful separation.

I think it would be best if we merged the two domains.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/