for our project policy, we define several new port types which were not
yet introduced in RHEL6 (docker_port_t) and Fedora (elasticsearch_port_t).
We have a port type declaration in our policy and port assignment in
our package deployment script/scriplet.
I wonder what happens when you introduce a port mentioned above in the
core policy. My experiences so far is that policy load will fail because
ports types cannot be redefined and the same for assignments.
I was thinking if there is a generic workaround for this. I was thinking
if there is a port type naming convention that you guys would expect in
our upgrade scripts being able to undefine the port number prior
upgrade. Something like:
in case of docker. Such ports with some expected prefix could be easily
determined and all removed prior the upgrade. After that, we'd need to
upgrade our policy to create appropriate rules of course, but this is
much cleaner than having a conflict.
Is there such a naming convention? If not, is this the way this could be
solved upstream and downstream?
Lukas #lzap Zapletal
Show replies by date