* [refpolicy] authbind policy should be removed
@ 2014-01-14 4:12 Russell Coker
2014-01-14 10:16 ` Dominick Grift
0 siblings, 1 reply; 7+ messages in thread
From: Russell Coker @ 2014-01-14 4:12 UTC (permalink / raw)
To: refpolicy
>From a casual inspection it seems that no daemons call the interfaces for
authbind.
Authbind has not been tested in Debian for many years, has it ever been tested
in any other distribution?
The purpose of authbind is removed by the fact that SE Linux can restrict
daemons which run as root.
I don't think that there is a good cause to have authbind policy in the
archive and it currently doesn't work. So I think it should be removed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2014-01-14 4:12 [refpolicy] authbind policy should be removed Russell Coker
@ 2014-01-14 10:16 ` Dominick Grift
2014-01-14 10:52 ` Russell Coker
0 siblings, 1 reply; 7+ messages in thread
From: Dominick Grift @ 2014-01-14 10:16 UTC (permalink / raw)
To: refpolicy
On Tue, 2014-01-14 at 15:12 +1100, Russell Coker wrote:
> >From a casual inspection it seems that no daemons call the interfaces for
> authbind.
>
> Authbind has not been tested in Debian for many years, has it ever been tested
> in any other distribution?
>
> The purpose of authbind is removed by the fact that SE Linux can restrict
> daemons which run as root.
>
> I don't think that there is a good cause to have authbind policy in the
> archive and it currently doesn't work. So I think it should be removed.
>
You do not have to install that module. If you don't want it then just
remove it from your modules.conf, or do semodule -r authbind if its
already installed.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2014-01-14 10:16 ` Dominick Grift
@ 2014-01-14 10:52 ` Russell Coker
2014-01-14 11:15 ` Dominick Grift
0 siblings, 1 reply; 7+ messages in thread
From: Russell Coker @ 2014-01-14 10:52 UTC (permalink / raw)
To: refpolicy
On Tue, 14 Jan 2014, Dominick Grift <dominick.grift@gmail.com> wrote:
> You do not have to install that module. If you don't want it then just
> remove it from your modules.conf, or do semodule -r authbind if its
> already installed.
What is the point in having dead code in the repository?
Code that is in the repository may be copied by other people, code that starts
with the letter 'a' is more likely to be copied. We don't want bad code
copied to make more bad code.
The existence of the policy files will lead people to believe that it will
work, it won't. It will also lead people to believe that it's a good idea, on
a SE Linux system it really isn't.
In retrospect I probably shouldn't have even written that policy module. At
the time we converted to modular policy whoever wasted time on converting it
shouldn't have done so. It's about 10 years overdue for that module to be
removed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2014-01-14 10:52 ` Russell Coker
@ 2014-01-14 11:15 ` Dominick Grift
2014-01-14 13:41 ` Christopher J. PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Dominick Grift @ 2014-01-14 11:15 UTC (permalink / raw)
To: refpolicy
On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
> On Tue, 14 Jan 2014, Dominick Grift <dominick.grift@gmail.com> wrote:
> > You do not have to install that module. If you don't want it then just
> > remove it from your modules.conf, or do semodule -r authbind if its
> > already installed.
>
> What is the point in having dead code in the repository?
You have a point but it's not that compelling to me. There is plenty
(what i would consider) dead policy in contrib and as long as its not in
the way i personally do not really think it has much priority to remove
it.
With the base repository it is bit of a different story as far as i am
concerned.
But this is just for discussion purposes. If others have a different
opinion then obviously i will just go with the flow of the majority.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2014-01-14 11:15 ` Dominick Grift
@ 2014-01-14 13:41 ` Christopher J. PeBenito
2016-11-23 0:57 ` Russell Coker
0 siblings, 1 reply; 7+ messages in thread
From: Christopher J. PeBenito @ 2014-01-14 13:41 UTC (permalink / raw)
To: refpolicy
On 01/14/14 06:15, Dominick Grift wrote:
> On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
>> On Tue, 14 Jan 2014, Dominick Grift <dominick.grift@gmail.com> wrote:
>>> You do not have to install that module. If you don't want it then just
>>> remove it from your modules.conf, or do semodule -r authbind if its
>>> already installed.
>>
>> What is the point in having dead code in the repository?
>
> You have a point but it's not that compelling to me. There is plenty
> (what i would consider) dead policy in contrib and as long as its not in
> the way i personally do not really think it has much priority to remove
> it.
>
> With the base repository it is bit of a different story as far as i am
> concerned.
Looking at the policy, my guess is that its nowhere near working. As Russell has pointed out, is been in existence for eons and hasn't improved. Since no one seems to have any interest in using it and it's broken, I'm fine removing it. It's still revision controlled, so if there is future interest, it can still be retrieved from the git history (not that there is much to the policy if it needs to be remade).
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2014-01-14 13:41 ` Christopher J. PeBenito
@ 2016-11-23 0:57 ` Russell Coker
2016-11-23 3:20 ` Chris PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Russell Coker @ 2016-11-23 0:57 UTC (permalink / raw)
To: refpolicy
On Tuesday, 14 January 2014 8:41:32 AM AEDT Christopher J. PeBenito wrote:
> On 01/14/14 06:15, Dominick Grift wrote:
> > On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
> >> On Tue, 14 Jan 2014, Dominick Grift <dominick.grift@gmail.com> wrote:
> >>> You do not have to install that module. If you don't want it then just
> >>> remove it from your modules.conf, or do semodule -r authbind if its
> >>> already installed.
> >>
> >> What is the point in having dead code in the repository?
> >
> > You have a point but it's not that compelling to me. There is plenty
> > (what i would consider) dead policy in contrib and as long as its not in
> > the way i personally do not really think it has much priority to remove
> > it.
> >
> > With the base repository it is bit of a different story as far as i am
> > concerned.
>
> Looking at the policy, my guess is that its nowhere near working. As
> Russell has pointed out, is been in existence for eons and hasn't improved.
> Since no one seems to have any interest in using it and it's broken, I'm
> fine removing it. It's still revision controlled, so if there is future
> interest, it can still be retrieved from the git history (not that there is
> much to the policy if it needs to be remade).
Almost 3 years later and it's still in the repository, are we going to remove
it?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] authbind policy should be removed
2016-11-23 0:57 ` Russell Coker
@ 2016-11-23 3:20 ` Chris PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Chris PeBenito @ 2016-11-23 3:20 UTC (permalink / raw)
To: refpolicy
On 11/22/16 19:57, Russell Coker via refpolicy wrote:
> On Tuesday, 14 January 2014 8:41:32 AM AEDT Christopher J. PeBenito wrote:
>> On 01/14/14 06:15, Dominick Grift wrote:
>>> On Tue, 2014-01-14 at 21:52 +1100, Russell Coker wrote:
>>>> On Tue, 14 Jan 2014, Dominick Grift <dominick.grift@gmail.com> wrote:
>>>>> You do not have to install that module. If you don't want it then just
>>>>> remove it from your modules.conf, or do semodule -r authbind if its
>>>>> already installed.
>>>>
>>>> What is the point in having dead code in the repository?
>>>
>>> You have a point but it's not that compelling to me. There is plenty
>>> (what i would consider) dead policy in contrib and as long as its not in
>>> the way i personally do not really think it has much priority to remove
>>> it.
>>>
>>> With the base repository it is bit of a different story as far as i am
>>> concerned.
>>
>> Looking at the policy, my guess is that its nowhere near working. As
>> Russell has pointed out, is been in existence for eons and hasn't improved.
>> Since no one seems to have any interest in using it and it's broken, I'm
>> fine removing it. It's still revision controlled, so if there is future
>> interest, it can still be retrieved from the git history (not that there is
>> much to the policy if it needs to be remade).
>
> Almost 3 years later and it's still in the repository, are we going to remove
> it?
Thanks for the reminder. It's gone.
--
Chris PeBenito
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-11-23 3:20 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-14 4:12 [refpolicy] authbind policy should be removed Russell Coker
2014-01-14 10:16 ` Dominick Grift
2014-01-14 10:52 ` Russell Coker
2014-01-14 11:15 ` Dominick Grift
2014-01-14 13:41 ` Christopher J. PeBenito
2016-11-23 0:57 ` Russell Coker
2016-11-23 3:20 ` Chris PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.