Hi, Victor Porton <por...@narod.ru> wrote: > Binary policies should not be in /etc/ but in /var/
Could you elaborate why? Binary policy only changes due to administrator action, not when just running things. I'd usually expect data in /var to change during normal operation, and stuff in /etc only change due to administrator action. I think this is more important than the fact that binary policy is not a textfile. Also, this could be a security feature, as /var has to be mounted read/write, while /etc could potentially be mounted read-only. Although I don't know if this is feasible in practice at the moment. Cheers, Mika --
signature.asc
Description: PGP signature
_______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel