On Wed, 26 Aug 2009, Manoj Srivastava <[email protected]> wrote: > if [ -e /etc/pam.d/login ]; then > perl -pli~ -e 'm/session.*pam_selinux.so/ && s/^\#\s*//o' > /etc/pam.d/login rm /etc/pam.d/login~ > fi > if [ -e /etc/pam.d/ssh ]; then > perl -pli~ -e 'm/session.*pam_selinux.so/ && do { s/^\#\s*//o; > s/multiple//; } ' /etc/pam.d/ssh rm /etc/pam.d/ssh~ > fi
I would prefer it if this sort of thing was kept to scripts like /usr/sbin/selinux-activate from the selinux-basics package. If you believe that selinux-activate is inadequate in some way then feel free to file a bug report (or in the case of Manoj just do an upload to fix it). In terms of documentation I think that perhaps comments in the selinux-activate script would go a long way. Then the ideal advice would be something like "use selinux-activate, but if you want to do it your own different way then read the comments and do whatever seems right". As things change scripts like selinux-activate will change to match. But we will keep them matching the current distribution. I have no objection to anyone editing config files by hand, but I would prefer that when offering advice such things be given a low priority. -- [email protected] http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
