Re: SE Linux policy update
On Sat, 19 Mar 2011, "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
> > They have all been tested on multiple systems. Also many of the changes
> > are related to things that didn't work at all previously so there was
> > little scope for regression.
>
> Okay.
Apart from the one I just backed out. :-#
> > > > * Add tunable user_manage_dos_files which defaults to true
> > >
> > > What's the current behaviour? All users can manage such files, or none
> > > can?
> >
> > None.
>
> Hmmm, so this is introducing a behaviour change.
A behavior change that makes it work in the expected manner by default while
also allowing tuning it for maximum restriction seems like a reasonable thing
to include. I don't think that many users desire their USB flash storage
devices to be entirely inaccessible to user applications.
> > > > * Dontaudit bind_t write attempts to / for lwresd calling
> > > > access(".", W_OK)
> > >
> > > "Don't audit"
> >
> > Stops filling the logs when the daemon is just asking whether the
> > directory is writable.
>
> I guessed what the change was for, but was commenting on the fact that
> the changelog entry said "Dontaudit", which looked like it should have
> been "don't audit"; apologies if that wasn't clear enough.
"dontaudit" is a SE Linux policy key word. Capitalising it at the start of
the sentence might be considered dubious, but seems like the clearest way of
expressing it.
> > Now what's the procedure for uploading it? Do I just replace "unstable"
> > with "stable" in the changelog, use the version number you requested,
> > and then upload it?
>
> It looks like you've done that in the meantime.
>
> p-u-NEW's been frozen for the past week in preparation for the point
> release later today, and DSA are planning to upgrade the machine to
> Squeeze later in the day, so we'll start working through the queue again
> over the next few days.
So I've missed this point release? What's the deadline for the next one?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
Reply to: