From: mgrepl@redhat.com (Miroslav Grepl) Date: Tue, 03 Jul 2012 13:47:47 +0200 Subject: [refpolicy] pptp_t vs pppd_t In-Reply-To: <4FF2D4EE.6050805@redhat.com> References: <201207031543.56296.russell@coker.com.au> <4FF2D4EE.6050805@redhat.com> Message-ID: <4FF2DBE3.7030106@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/03/2012 01:18 PM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/03/2012 01:43 AM, Russell Coker wrote: >> Is there a real benefit in having separate domains for pptp and pppd? >> >> The access that they have is very similar and the differences are things >> that aren't so significant (EG pptp_t denied access to >> pppd_devpts_t:chr_file). >> >> Also both the programs can run each other (the policy allows pppd to run >> pptpd and in my test network pptpd needs to run pppd) which limits the >> ability to create a useful separation. >> >> I think it would be best if we merged the two domains. >> > I am always for merging domains together. I think we have far too many > domains that basically have the security domain and just add complexity. > Fedora consolidated all of the "spam" domains also. > > I really believe we should consolidate the mail domains. mail_t instead of > sendmail_t, postfix_t, qmail_t, dovecot_t, courier_t ... I agree with this. The question is whether it could be accepted? > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk/y1O4ACgkQrlYvE4MpobPtpgCgpl0i5SgNbakzYEOO8V0tDvAN > lTYAoNVw17S4dCdmCdbfqFD1zUjEfPo9 > =qWw4 > -----END PGP SIGNATURE----- > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy