From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] system_unconfined.patch
Date: Tue, 16 Feb 2010 12:26:39 -0500
Message-ID: <4B7AD54F.3050008@redhat.com>
In-Reply-To: <1266328452.11004.48.camel@gorn.columbia.tresys.com>

On 02/16/2010 08:54 AM, Christopher J. PeBenito wrote:
> On Sat, 2010-02-13 at 07:18 -0500, Daniel J Walsh wrote:
>> On 02/12/2010 03:17 PM, Christopher J. PeBenito wrote:
>>> On Thu, 2009-11-12 at 17:17 -0500, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_unconfined.patch
>>>>
>>>> Split out unconfined_t from unconfined_domain.
>>>
>>> I don't know if this will ever be upstreamable in a fashion you like.
>>> My understanding is that you want to be able to have the unconfined_t
>>> domain loaded without the unconfined_domain module loaded, so
>>> unconfined_t is the only unconfined domain.  To be acceptable for
>>> upstreaming, the unconfined role would have to unconditionally depend on
>>> the unconfined domain module, which wouldn't allow what you want.
>>>
>> I don't understand your statement here.  You are saying that we can't
>> upstream this because it is impossible, and yet it works for me.
> 
> I didn't mean that it's technically impossible.  It breaks concepts in
> refpolicy.  The concept of an unconfined domain resides in the
> unconfined module.  Remove the unconfined module, then there is no
> concept of unconfined domains; thus, there cannot be an unconfined user
> domain.
> 
Well, then maybe we need an unconfineduser and an unconfinedsystem policy package, and you could choose to remove one or the other, or remove unconfined and they all disappear.
