[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team and request for discussion

On Wed, 26 Aug 2009, Manoj Srivastava <srivasta@debian.org> wrote:
> if [ -e  /etc/pam.d/login ]; then
>   perl -pli~ -e 'm/session.*pam_selinux.so/ && s/^\#\s*//o'
> /etc/pam.d/login rm /etc/pam.d/login~
> fi
> if [ -e /etc/pam.d/ssh ]; then
>   perl -pli~ -e 'm/session.*pam_selinux.so/ && do { s/^\#\s*//o;
> s/multiple//; } ' /etc/pam.d/ssh rm /etc/pam.d/ssh~
> fi

I would prefer it if this sort of thing was kept to scripts 
like /usr/sbin/selinux-activate from the selinux-basics package.

If you believe that selinux-activate is inadequate in some way then feel free 
to file a bug report (or in the case of Manoj just do an upload to fix it).

In terms of documentation I think that perhaps comments in the 
selinux-activate script would go a long way.  Then the ideal advice would be 
something like "use selinux-activate, but if you want to do it your own 
different way then read the comments and do whatever seems right".

As things change scripts like selinux-activate will change to match.  But we 
will keep them matching the current distribution.

I have no objection to anyone editing config files by hand, but I would prefer 
that when offering advice such things be given a low priority.

http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog

Reply to: