From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH] Add Debian location for rtkit-daemon daemon
Date: Mon, 17 Sep 2012 11:25:16 -0400 [thread overview]
Message-ID: <505740DC.6090400@redhat.com> (raw)
In-Reply-To: <50573EFD.9020603@tresys.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/17/2012 11:17 AM, Christopher J. PeBenito wrote:
> On 09/13/12 12:06, Dominick Grift wrote:
>>
>>
>> On Thu, 2012-09-13 at 11:56 -0400, Daniel J Walsh wrote:
>>> On 09/13/2012 08:19 AM, Dominick Grift wrote:
>>>>
>>>>
>>>> On Thu, 2012-09-13 at 00:14 +0200, Laurent Bigonville wrote:
>>>>> From: Laurent Bigonville <bigon@bigon.be>
>>>>>
>>>>> --- rtkit.fc | 4 ++++ 1 file changed, 4 insertions(+)
>>>>>
>>>>> diff --git a/rtkit.fc b/rtkit.fc index 52c441e..fd82305 100644 ---
>>>>> a/rtkit.fc +++ b/rtkit.fc @@ -1 +1,5 @@ /usr/libexec/rtkit-daemon
>>>>> -- gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) +
>>>>> +ifdef(`distro_debian',` +/usr/lib/rtkit/rtkit-daemon --
>>>>> gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) +')
>>>>
>>>> This was merged. Thanks
>>>>
>>>>
>>> I have never been a big fan of the ifdef(DISTRO) stuff in the fc files.
>>> Why is it necessary hear? Only reason for this would be if another
>>> distro had a file here named /usr/lib/rtkit/rtkit-daemon that they
>>> wanted to label differently. Lets not flood the fc files with these
>>> macros. I could definitely see Fedora moving to this location. Driven
>>> by systemd.
>>
>> I agree, but until we get consensus cross the board regarding this issue
>> i don't see any reason to reject these patches.
>>
>> removing the ifdef wrappers is trivial so as soon as we can all agree ill
>> remove them.
>>
>> So i would like to hear opinions of at least pebenito. bigon and swift
>> about this as well (which i cc'd)
>
> We can always remove the ifdef if Fedora uses that path. But in this case,
> the fc seems odd to me; why would you put a service's executable in
> /usr/lib (even as a subdir)?
>
Systemd is pushing the idea that you put apps that are to be run as a service
or by a library into /usr/lib/PACKAGENAME (This apps should never be run using
multilib). As opposed to /usr/libexec.
These are the directories I have in Fedora 18
/usr/lib/gconv
/usr/lib/sse2
/usr/lib/jvm
/usr/lib/cups
/usr/lib/udev
/usr/lib/debug
/usr/lib/alsa
/usr/lib/krb5
/usr/lib/dracut
/usr/lib/kbd
/usr/lib/jvm-private
/usr/lib/jvm-exports
/usr/lib/rtkaio
/usr/lib/bonobo
/usr/lib/games
/usr/lib/binfmt.d
/usr/lib/grub
/usr/lib/security
/usr/lib/crda
/usr/lib/gcc
/usr/lib/udisks2
/usr/lib/modprobe.d
/usr/lib/systemd
/usr/lib/python2.7
/usr/lib/mozilla
/usr/lib/locale
/usr/lib/python3.3
/usr/lib/audit
/usr/lib/gems
/usr/lib/jvm-commmon
/usr/lib/modules
/usr/lib/firmware
/usr/lib/tmpfiles.d
/usr/lib/xen
/usr/lib/modules-load.d
/usr/lib/i686
/usr/lib/polkit-1
/usr/lib/yum-plugins
/usr/lib/sysctl.d
/usr/lib/man2html
/usr/lib/rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBXQNwACgkQrlYvE4MpobNk2gCeLJAykDVtnEfo7NMYut308v/z
LQgAn2+Tibfah9G9+LsbOhSB9W4P0RAf
=uwrK
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2012-09-17 15:25 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-12 22:14 [refpolicy] [PATCH] Add Debian location for rtkit-daemon daemon Laurent Bigonville
2012-09-13 12:19 ` Dominick Grift
2012-09-13 15:56 ` Daniel J Walsh
2012-09-13 16:06 ` Dominick Grift
[not found] ` <CAPzO=NxQt0cecrjV3r-NYFhPoJrk-wWj37GeC2i8SXRc9vf0Xg@mail.gmail.com>
2012-09-14 15:30 ` Sven Vermeulen
2012-09-15 11:35 ` Laurent Bigonville
2012-09-15 18:08 ` Sven Vermeulen
2012-09-15 18:19 ` Dominick Grift
2012-09-16 19:31 ` Elia Pinto
2012-09-16 20:45 ` Dominick Grift
2012-09-17 15:17 ` Christopher J. PeBenito
2012-09-17 15:22 ` Laurent Bigonville
2012-09-17 15:24 ` Christopher J. PeBenito
2012-09-17 15:25 ` Daniel J Walsh [this message]
2012-09-17 15:30 ` Sven Vermeulen
2012-09-17 15:31 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=505740DC.6090400@redhat.com \
--to=dwalsh@redhat.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.