From: russell@coker.com.au (Russell Coker) Date: Wed, 3 Aug 2016 12:33:21 +1000 Subject: [refpolicy] [PATCH] single binary modutils In-Reply-To: <64191a41-447c-83ab-dfab-2fcaa1275356@ieee.org> References: <20160731123441.dcfgg3ln6z7u43f3@athena.coker.com.au> <64191a41-447c-83ab-dfab-2fcaa1275356@ieee.org> Message-ID: <201608031233.21247.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 3 Aug 2016 09:59:28 AM Chris PeBenito wrote: > On 07/31/16 08:34, Russell Coker wrote: > > The following patch deals with a single binary for modutils, so depmod_t, > > and insmod_t are merged. > > Since the main SELinux distros (including RHEL/CentOS 7) all have merged > modutils these days, I'm open to taking a patch that fully merges these > domains (in which case renaming to kmod_t, with proper aliasing seems > the best idea). OK. > However, it's been some time since I used a busybox-based system; does > busybox still have separated tools? Yes, this is a bit of an obvious > question since busybox is also single-binary, but IIRC, the embedded > guys made some tiny helper scripts or executables so proper > transitioning could occur. Separate domains may still make sense. Maybe have an ifdef(`embedded' or something around it then? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/