From: petre rodan <kaiowas@gentoo.org>
To: russell@coker.com.au
Cc: SELinux <selinux@tycho.nsa.gov>
Subject: Re: gentoo diffs
Date: Sun, 08 May 2005 21:58:33 +0300 [thread overview]
Message-ID: <427E6159.4090804@gentoo.org> (raw)
In-Reply-To: <200505090349.22645.russell@coker.com.au>
[-- Attachment #1: Type: text/plain, Size: 2010 bytes --]
Hi,
Russell Coker wrote:
[snip]
> +daemon_base_domain(svc_start)
> +domain_auto_trans(init_t, svc_start_exec_t, svc_start_t)
>
> Is this for daemons that may be started either from /etc/inittab
> or /etc/init.d scripts?
yes, basicaly it's about svscanboot that acording to the documentation is started from inittab.
gentoo's default is to start svscan from an init script, but some users asked for the other way arround.
these two binaries are somewhat equivalent and both have a svc_start_exec_t label.
>>* kerberos: gentoo file locations
>
> Those should have ifdef(`distro_gentoo' around them. Ideally we want as many
> ifdef(`distro_... rules in the file contexts as possible. The more stuff
> that can be removed because of being applicable to distributions other than
> the one you use the better. setfiles still has performance issues...
ok, I'll keep that in mind.
>>* postfix: gentoo file locations for 64bit systems
>
> Are you seriously planning to have both 32bit and 64bit versions of Postfix
> installed on the same system at the same time
> If not then you shouldn't be using special names for 64bit versions.
> If you are then I suspect you are
> doing something vastly different from what everyone else is doing and
> ifdef(`distro_gentoo' would be appropriate.
>
> We should probably have ifdef(`distro_redhat' and ifdef(`distro_debian' in any
> case.
>
> Also I'm quite certain that you are not using all four combinations
> of /usr/lib(exec)?(64)?/postfix/.
http://bugs.gentoo.org/show_bug.cgi?id=89321
we have /usr/lib/postfix and /usr/lib64/postfix depending on the profile under which it was compiled.
having it like lib(exec)?(64)? means that it's very easy to maintain, but if that's not possible, no problem.
> I plan to extend the stem compression support in setfiles to two levels,
> taking full advantage of that means removing such conditionals from the
> policy.
thanks,
peter
--
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 265 bytes --]
next prev parent reply other threads:[~2005-05-08 19:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-07 12:55 gentoo diffs petre rodan
2005-05-08 17:49 ` Russell Coker
2005-05-08 18:58 ` petre rodan [this message]
2005-05-09 5:40 ` Russell Coker
-- strict thread matches above, loose matches on Subject: below --
2005-12-04 10:32 Gentoo diffs Petre Rodan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=427E6159.4090804@gentoo.org \
--to=kaiowas@gentoo.org \
--cc=russell@coker.com.au \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.