[refpolicy] new refpolicy release

[dwalsh@redhat.com (Daniel J Walsh)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2011 09:31 AM, Dominick Grift wrote:
> 
> 
> On Mon, 2011-07-25 at 22:39 +1000, Russell Coker wrote:
>> On Mon, 25 Jul 2011, Dominick Grift <domg472@gmail.com> wrote:
>>>>> As an aside, what's the status of systemd policy?
>>>> 
>>>> There isn't one upstream.  The last time it was discussed, I
>>>> suggested that it was so different and did so many more things
>>>> that it should probably be its own module.  I haven't heard or
>>>> seen anything since then.
>>> 
>>> I started working on it and gotten pretty far until i tried
>>> shutdown. That is when i hit issues.
>>> 
>>> Kernel logging is stopped pretty early and so i could not
>>> determine what all systemd needs to shutdown properly. Spend
>>> about a week just trying various things but could not get it to
>>> work. Gave up.
>> 
>> Could you please post what you did to the list so others can work
>> on it without reinventing any wheels?
> 
> Enclosed you will find what i ended up with. Keep in mind though
> that this is dated by now (was done months ago)
> 
> Also note that i pretty much gave each executable file a private
> type and each process a private domain which is overkill but it was
> my intention at that time to just figure out what each process
> separately needs and then later consider merging domain that have
> similar properties. The idea was to first just map systemd and then
> clean it up.
> 
> Also there may be things i would do different now that we have the
> named file transitions in Fedora 16.
> 
> Also note that this policy is made in a modified refpolicy so not
> all interface calls may be available to you (but similar ones should
> be)
> 
> 
> 
> _______________________________________________ refpolicy mailing
> list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
Systemd is changing so fast and adding so many new features that we have
not looked at this.  We are currently trying to make sure launching apps
is working correctly we have a systemd policy for some of the helper
apps at this point.

I think it would make sense to revisit the separation at a point when
the systemd stabilized.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4tguIACgkQrlYvE4MpobOblACfSGvzmuzDo1vXuKsgLBGyDoyN
rTUAn3ep1Zi9z1if1zlJU2A2FRwElRGg
=MRP3
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemd.te
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemd.if
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment-0001.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemd.fc
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment-0002.pl 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd.te.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd.if.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd.fc.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110725/20c2622f/attachment-0002.bin