On Fri, Apr 19, 2002 at 11:49:10PM -0600, Vincent Danen wrote: > Fred, as an aside, does msec support "includes" in the local files? > Ie. is there a way we could include a config file within level.local > or perms.local somehow? > > For some "wierd" software, like qmail and djbdns, possibly others, it > might be nice if we could have %post add a "include qmail.msec" or > something to the file, and have qmail.msec contain some special > permissions for files.
Or better yet /etc/security/msec/perm.local.d that any RPM can put a single script in to override certain security features just by adding a file. Same idea as /etc/cron.d and /etc/profile.d. This is a far better solution than just adding an include to a file. Additionally this leads to the idea of rather than setting hard and fast policies in different security levels. Rather than just having rules that apply to the whole system that have to allow pretty much all the packages to work. You could make stronger defaults and have packages that need certain things override the level default but only if they are actually installed. All in all this would make msec even better all around. Of course it's great to come up with ideas but someone has to code them. And not being a python developer I probably won't ever actually do this myself. But maybe someone will get the itch... -- Ben Reser <[EMAIL PROTECTED]> http://ben.reser.org What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy? - Ghandi