From: mgrepl@redhat.com (Miroslav Grepl)
Date: Tue, 03 Jul 2012 13:47:47 +0200
Subject: [refpolicy] pptp_t vs pppd_t
In-Reply-To: <4FF2D4EE.6050805@redhat.com>
References: <201207031543.56296.russell@coker.com.au>
	<4FF2D4EE.6050805@redhat.com>
Message-ID: <4FF2DBE3.7030106@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/03/2012 01:18 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/03/2012 01:43 AM, Russell Coker wrote:
>> Is there a real benefit in having separate domains for pptp and pppd?
>>
>> The access that they have is very similar and the differences are things
>> that aren't so significant (EG pptp_t denied access to
>> pppd_devpts_t:chr_file).
>>
>> Also both the programs can run each other (the policy allows pppd to run
>> pptpd and in my test network pptpd needs to run pppd) which limits the
>> ability to create a useful separation.
>>
>> I think it would be best if we merged the two domains.
>>
> I am always for merging domains together.  I think we have far too many
> domains that basically have the security domain and just add complexity.
> Fedora consolidated all of the "spam" domains also.
>
> I really believe we should consolidate the mail domains.  mail_t instead of
> sendmail_t, postfix_t, qmail_t, dovecot_t, courier_t ...
I agree with this. The question is whether it could be accepted?
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk/y1O4ACgkQrlYvE4MpobPtpgCgpl0i5SgNbakzYEOO8V0tDvAN
> lTYAoNVw17S4dCdmCdbfqFD1zUjEfPo9
> =qWw4
> -----END PGP SIGNATURE-----
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy