From: aranea@aixah.de (Luis Ressel)
Date: Mon, 18 Nov 2013 17:46:49 +0100
Subject: [refpolicy] [PATCH] Only label administrative postgres commands
 as postgresql_exec_t
In-Reply-To: <528A1FAD.4000809@redhat.com>
References: <1384692777-9505-1-git-send-email-aranea@aixah.de>
	<528A1FAD.4000809@redhat.com>
Message-ID: <20131118174649.1c833f67@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 18 Nov 2013 09:09:49 -0500
Daniel J Walsh <dwalsh@redhat.com> wrote:

> I hate adding ifdef code to fc files, it is usually just clutter.  If
> I have an init script named /etc/init\.d/postgresql-.*	 I
> would figure all distributions would want this labeled this way.
> 
> If this labeling makes sense for other distributions, then we should
> remove the ifdef.
> 
> Also bin_t should never be listed in an fc file other then
> corecommands.fc

Sorry, the ifdefs were there in the original gentoo patch, but it makes
sense to me to drop them. But how else should I label these files, if
not bin_t? Yet another separate type like "postgresql_user_exec_t"?


Regards,
Luis Ressel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20131118/de97a24f/attachment.bin