From: dominick.grift@gmail.com (Dominick Grift) Date: Thu, 06 Sep 2012 21:21:00 +0200 Subject: [refpolicy] state of core/contrib split In-Reply-To: <5048F19E.7000301@redhat.com> References: <5048D6E2.3030303@tresys.com> <5048DA26.3080703@trentalancia.com> <1346954588.15262.89.camel@d30.localdomain> <5048EF31.10902@redhat.com> <5048F19E.7000301@redhat.com> Message-ID: <1346959260.15262.97.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2012-09-06 at 14:55 -0400, Daniel J Walsh wrote: > > The problem I saw when I started to merge changes in the past was that lots of > new policies required changes to the base, especially corenetwork. As The issue with regard to port labeling should in my view be easily solved. just label the darned ports :) so if we can just merge corenetwork.te.in ( atleast with regard to declaring new port types.) then that should give me more room to merge stuff. although i really like your idea of using attributes to classify ports rather than giving them a service specific name. But there are more issues but it does not have to be perfect in my view. If fedora has something controversial then, in my view, i could just merge the policy without the controversial bits (if i cant fix it to something acceptable myself). Policy is never perfect anyways is always a process.