Re: We are attempting once again to split policy out into individual RPMS.

[Daniel J Walsh <dwalsh@redhat.com>]

Karl MacMillan wrote:
> On Tue, 2006-05-02 at 12:26 -0400, Stephen Smalley wrote:
>   
>> On Tue, 2006-05-02 at 11:27 -0400, Jeremy Katz wrote:
>>     
>>> Lots do.  On the order of as many packages as require users at least.
>>> And I'd expect more over time (especially given policy around dbus and
>>> the increasing reliance on dbus through the distribution).  Imagine a
>>> world where every user you wanted to add had to have a separate package
>>> to create the user first. 
>>>       
>> I'm not sure these all require separate policy.  Ideally, we'd like to
>> see greater use of the equivalence class concepts to limit the explosion
>> in policy and not require per-application/per-package policy in so many
>> cases.  There is a tradeoff here in least privilege vs. manageability.
>>
>>     
>
> The other issue that I'm concerned with is how multiple policy types
> will be supported including custom third-part policies. I know that Dan
> has been pushing the concept that policies should be portable across
> base policies, but I think that there is a limit to how far that can go.
> Separate policy packages seem to handle this situation elegantly. So,
> how is the MLS policy going to be handled?
>
> Karl
>
>   
Could we do a requires/provides for this type of thing?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.