* gentoo merge for postfix
From: petre rodan @ 2004-10-16 16:18 UTC (permalink / raw)
To: selinux
Hi,
can you please ifdef 'rhgb_domain(postfix_master_t)' since it's not part of some distros?
thanks,
peter
--
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux
[-- Attachment #1.2: postfix.diff --]
[-- Type: text/plain, Size: 436 bytes --]
--- /root/public_html/policy/nsa/domains/program/unused/postfix.te 2004-10-15 10:51:22.000000000 +0300
+++ /etc/security/selinux/src/policy/domains/program/postfix.te 2004-10-16 13:15:09.640703128 +0300
@@ -67,7 +67,10 @@
`allow system_mail_t crond_t:tcp_socket { read write create };')
postfix_domain(master, `, mail_server_domain')
+
+ifdef(`distro_redhat', `
rhgb_domain(postfix_master_t)
+')
read_sysctl(postfix_master_t)
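Review bot: the new guard around rhgb_domain(postfix_master_t) tests 'distro_redhat', which ties the call to the distribution rather than to whether the rhgb macros are actually present in the policy tree, so a non-Red Hat policy that does carry rhgb would silently lose the call. If the tree has a define that tracks the presence of the rhgb policy itself, guard on that instead, and in either case put a one-line comment above the ifdef saying why the call is conditional. The file headers also compare two different paths (.../program/unused/postfix.te against .../program/postfix.te), so the patch should be regenerated against a single tree before it is applied.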
* Re: gentoo merge for postfix
From: Thomas Bleher @ 2004-10-17 11:13 UTC (permalink / raw)
To: petre rodan; +Cc: selinux
* petre rodan <kaiowas@gentoo.org> [2004-10-17 00:55]:
> can you please ifdef 'rhgb_domain(postfix_master_t)' since it's not part of
> some distros?
I disagree. rhgb_domain() is a no-op if you don't use rhgb.te. Using
additional ifdefs just makes the policy harder to read.
Thomas
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
* Re: gentoo merge for postfix
From: Chris PeBenito @ 2004-10-17 12:52 UTC (permalink / raw)
To: Thomas Bleher; +Cc: petre rodan, SELinux Mail List
On Sun, 2004-10-17 at 13:13 +0200, Thomas Bleher wrote:
> * petre rodan <kaiowas@gentoo.org> [2004-10-17 00:55]:
> > can you please ifdef 'rhgb_domain(postfix_master_t)' since it's not part of
> > some distros?
>
> I disagree. rhgb_domain() is a no-op if you don't use rhgb.te. Using
> additional ifdefs just makes the policy harder to read.
That is assuming rhgb_macros.te is included. It is not included in
Gentoo's policy since we never use it. I'm not going to add unneeded
files to fix something that's not properly ifdef'ed.
--
Chris PeBenito
<pebenito@gentoo.org>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
* Re: gentoo merge for postfix
From: Russell Coker @ 2004-10-17 14:32 UTC (permalink / raw)
To: Chris PeBenito; +Cc: Thomas Bleher, petre rodan, SELinux Mail List
On Sun, 17 Oct 2004 22:52, Chris PeBenito <pebenito@gentoo.org> wrote:
> On Sun, 2004-10-17 at 13:13 +0200, Thomas Bleher wrote:
> > * petre rodan <kaiowas@gentoo.org> [2004-10-17 00:55]:
> > > can you please ifdef 'rhgb_domain(postfix_master_t)' since it's not
> > > part of some distros?
> >
> > I disagree. rhgb_domain() is a no-op if you don't use rhgb.te. Using
> > additional ifdefs just makes the policy harder to read.
>
> That is assuming rhgb_macros.te is included. It is not included in
> Gentoo's policy since we never use it. I'm not going to add unneeded
> files to fix something that's not properly ifdef'ed.
If that's the approach you want to take then you should submit a patch that
makes equivalent changes to can_ypbind() and lots of other macros.
The current behaviour of such macros is intentional, it is designed to make
the policy smaller and easier to read. It is not an omission, it is a design
decision.
It would not be difficult for you to put in a macros file that does null
declarations of all the macros that you don't want in a single file, thus
achieving your goal of a minimum number of macros files while not bloating
the other policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--