From: pebenito@ieee.org (Chris PeBenito)
Date: Sat, 6 Aug 2016 16:53:28 -0400
Subject: [refpolicy] [PATCH] single binary modutils
In-Reply-To: <201608031233.21247.russell@coker.com.au>
References: <20160731123441.dcfgg3ln6z7u43f3@athena.coker.com.au> <64191a41-447c-83ab-dfab-2fcaa1275356@ieee.org> <201608031233.21247.russell@coker.com.au>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/02/16 22:33, Russell Coker wrote:
> On Wed, 3 Aug 2016 09:59:28 AM Chris PeBenito wrote:
>> On 07/31/16 08:34, Russell Coker wrote:
>>> The following patch deals with a single binary for modutils, so depmod_t,
>>> and insmod_t are merged.
>>
>> Since the main SELinux distros (including RHEL/CentOS 7) all have merged
>> modutils these days, I'm open to taking a patch that fully merges these
>> domains (in which case renaming to kmod_t, with proper aliasing seems
>> the best idea).
>
> OK.
>
>> However, it's been some time since I used a busybox-based system; does
>> busybox still have separated tools? Yes, this is a bit of an obvious
>> question since busybox is also single-binary, but IIRC, the embedded
>> guys made some tiny helper scripts or executables so proper
>> transitioning could occur. Separate domains may still make sense.
>
> Maybe have an ifdef(`embedded' or something around it then?

I'm having a hard time envisioning how that would work. If anyone is
using busybox like this, please speak up. No sense in us trying to
handle a use case that no one uses.

--
Chris PeBenito