From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <52A1F4D2.2010301@redhat.com> Date: Fri, 06 Dec 2013 11:01:22 -0500 From: Daniel J Walsh MIME-Version: 1.0 To: Dominick Grift CC: Stephen Smalley , Pavel Roschin , selinux@tycho.nsa.gov Subject: Re: avtab dense hash table References: <20131205130431.7fe3c727.roshin@scriptumplus.ru> <52A08A87.2030009@tycho.nsa.gov> <1386258595.2469.18.camel@d30> <52A0ED28.6050804@tycho.nsa.gov> <1386279472.2469.51.camel@d30> <52A1D65C.3070607@tycho.nsa.gov> <52A1DBA8.2050708@redhat.com> <1386344766.2469.76.camel@d30> In-Reply-To: <1386344766.2469.76.camel@d30> Content-Type: text/plain; charset=UTF-8 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/06/2013 10:46 AM, Dominick Grift wrote: > On Fri, 2013-12-06 at 09:14 -0500, Daniel J Walsh wrote: > >> >> We have been doing some consolidation in Fedora. We have combined spam >> tools into a single domain spamassassin. Might have been better to >> create a new policy for this. >> >> We have also created antivirus which combined all of the antivirus >> tools. >> >> The next big one I would like to see combined are mail servers and mail >> clients. (Elimination of all the different postfix domains, would >> eliminate large numbers of bugs over the years.) >> >> > > Yes i am aware of the antivirus policy in Fedora. I did not merge that into > refpolicy (yet) because at that point i did not feel comfortable with it. I > probably thought it was too early to merge it, and wanted to wait for some > of the bugs to be ironed out in fedora first. > > Some other consolidation changes i am not comfortable with (yet). > fortunately those mostly apply to refpolicy-base, and so it is not up to be > to decide whether to adopt those or not. > > There are also some things i plain do not like the way it is implemented > now. For example modules that have combinations of domains that might not > strictly depend on each other. (one possible example might be rhcs module). > I like to keep domains separate as much as possible because that provides > flexibility. e.g. I could remove one or a few without having to remove them > all. > > > Yes I guess work with mgrepl on splitting that one apart. It seems to have grown organically. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKh9NEACgkQrlYvE4MpobN1eACgpfYJhhNP7j2/NST4/cJH8wJU srMAoNDXVwVUekVVWtDLcHqaFp2RpvpQ =RsZ2 -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.