[refpolicy] Rules.modular.patch

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] Rules.modular.patch
@ 2009-05-21 15:38 Daniel J Walsh
  2009-05-27 13:03 ` Christopher J. PeBenito
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel J Walsh @ 2009-05-21 15:38 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch

Do not call per_role extension automagically.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Rules.modular.patch
  2009-05-21 15:38 [refpolicy] Rules.modular.patch Daniel J Walsh
@ 2009-05-27 13:03 ` Christopher J. PeBenito
  2009-05-27 15:23   ` Daniel J Walsh
  0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 13:03 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
> 
> Do not call per_role extension automagically.

I have to leave this upstream for some time, for compatibility.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Rules.modular.patch
  2009-05-27 13:03 ` Christopher J. PeBenito
@ 2009-05-27 15:23   ` Daniel J Walsh
  2009-05-27 15:35     ` Christopher J. PeBenito
  2009-05-27 15:38     ` Joe Nall
  0 siblings, 2 replies; 5+ messages in thread
From: Daniel J Walsh @ 2009-05-27 15:23 UTC (permalink / raw)
  To: refpolicy

On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
>>
>> Do not call per_role extension automagically.
>
> I have to leave this upstream for some time, for compatibility.
>
But isn't this the problem, we should be moving forward and eliminating 
all of the old RHEL4 stuff.  As we move forward we need a mechanism to 
clean the old cruft out.  I think this was a bad decision that we came 
up with many years ago, and we need to get rid if it.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Rules.modular.patch
  2009-05-27 15:23   ` Daniel J Walsh
@ 2009-05-27 15:35     ` Christopher J. PeBenito
  2009-05-27 15:38     ` Joe Nall
  1 sibling, 0 replies; 5+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 15:35 UTC (permalink / raw)
  To: refpolicy

On Wed, 2009-05-27 at 11:23 -0400, Daniel J Walsh wrote:
> On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
> >>
> >> Do not call per_role extension automagically.
> >
> > I have to leave this upstream for some time, for compatibility.
> >
> But isn't this the problem, we should be moving forward and eliminating 
> all of the old RHEL4 stuff.  As we move forward we need a mechanism to 
> clean the old cruft out.  I think this was a bad decision that we came 
> up with many years ago, and we need to get rid if it.

This isn't specific to RHEL4.  There are no longer any of these
templates upstream, so it doesn't hurt to leave it.  There may be usage
of these in 3rd party modules, and we won't break them with too short of
an update period.  I certainly have no problem with you removing it in
Fedora, but it has to stay in the upstream for now.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Rules.modular.patch
  2009-05-27 15:23   ` Daniel J Walsh
  2009-05-27 15:35     ` Christopher J. PeBenito
@ 2009-05-27 15:38     ` Joe Nall
  1 sibling, 0 replies; 5+ messages in thread
From: Joe Nall @ 2009-05-27 15:38 UTC (permalink / raw)
  To: refpolicy


On May 27, 2009, at 10:23 AM, Daniel J Walsh wrote:

> On 05/27/2009 09:03 AM, Christopher J. PeBenito wrote:
>> On Thu, 2009-05-21 at 11:38 -0400, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/Rules.modular.patch
>>>
>>> Do not call per_role extension automagically.
>>
>> I have to leave this upstream for some time, for compatibility.
>>
> But isn't this the problem, we should be moving forward and  
> eliminating
> all of the old RHEL4 stuff.  As we move forward we need a mechanism to
> clean the old cruft out.  I think this was a bad decision that we came
> up with many years ago, and we need to get rid if it.

I would like to second the request to depreciate/eliminate the  
automatic per-role extensions.

joe

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2009-05-27 15:38 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-21 15:38 [refpolicy] Rules.modular.patch Daniel J Walsh
2009-05-27 13:03 ` Christopher J. PeBenito
2009-05-27 15:23   ` Daniel J Walsh
2009-05-27 15:35     ` Christopher J. PeBenito
2009-05-27 15:38     ` Joe Nall

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.