[DSE-Dev] Should I file a bug report?
Mika Pflüger
mika at mikapflueger.de
Mon May 12 20:33:17 UTC 2014
Hi,
Victor Porton <porton at narod.ru> wrote:
> Binary policies should not be in /etc/ but in /var/
Could you elaborate why?
Binary policy only changes due to administrator action, not when just
running things. I'd usually expect data in /var to change during normal
operation, and stuff in /etc only change due to administrator action. I
think this is more important than the fact that binary policy is not a
textfile.
Also, this could be a security feature, as /var has to be mounted
read/write, while /etc could potentially be mounted read-only. Although
I don't know if this is feasible in practice at the moment.
Cheers,
Mika
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140512/ac1c0771/attachment.sig>
More information about the SELinux-devel
mailing list