Re: Bits from the release team and request for discussion
On Wed, 26 Aug 2009, Manoj Srivastava <srivasta@debian.org> wrote:
> if [ -e /etc/pam.d/login ]; then
> perl -pli~ -e 'm/session.*pam_selinux.so/ && s/^\#\s*//o'
> /etc/pam.d/login rm /etc/pam.d/login~
> fi
> if [ -e /etc/pam.d/ssh ]; then
> perl -pli~ -e 'm/session.*pam_selinux.so/ && do { s/^\#\s*//o;
> s/multiple//; } ' /etc/pam.d/ssh rm /etc/pam.d/ssh~
> fi
I would prefer it if this sort of thing was kept to scripts
like /usr/sbin/selinux-activate from the selinux-basics package.
If you believe that selinux-activate is inadequate in some way then feel free
to file a bug report (or in the case of Manoj just do an upload to fix it).
In terms of documentation I think that perhaps comments in the
selinux-activate script would go a long way. Then the ideal advice would be
something like "use selinux-activate, but if you want to do it your own
different way then read the comments and do whatever seems right".
As things change scripts like selinux-activate will change to match. But we
will keep them matching the current distribution.
I have no objection to anyone editing config files by hand, but I would prefer
that when offering advice such things be given a low priority.
--
russell@coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
Reply to: