From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 03 Jul 2012 07:18:06 -0400
Subject: [refpolicy] pptp_t vs pppd_t
In-Reply-To: <201207031543.56296.russell@coker.com.au>
References: <201207031543.56296.russell@coker.com.au>
Message-ID: <4FF2D4EE.6050805@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/03/2012 01:43 AM, Russell Coker wrote:
> Is there a real benefit in having separate domains for pptp and pppd?
> 
> The access that they have is very similar and the differences are things
> that aren't so significant (EG pptp_t denied access to
> pppd_devpts_t:chr_file).
> 
> Also both the programs can run each other (the policy allows pppd to run
> pptpd and in my test network pptpd needs to run pppd) which limits the
> ability to create a useful separation.
> 
> I think it would be best if we merged the two domains.
> 

I am always for merging domains together.  I think we have far too many
domains that basically have the security domain and just add complexity.
Fedora consolidated all of the "spam" domains also.

I really believe we should consolidate the mail domains.  mail_t instead of
sendmail_t, postfix_t, qmail_t, dovecot_t, courier_t ...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/y1O4ACgkQrlYvE4MpobPtpgCgpl0i5SgNbakzYEOO8V0tDvAN
lTYAoNVw17S4dCdmCdbfqFD1zUjEfPo9
=qWw4
-----END PGP SIGNATURE-----