|
|
|
|
|
|
by brians
3483 days ago
|
|
|
I've worked with SELinux professionally since 2002. The whole point of mandatory access controls is to NOT take the config file as gospel: rather, there are security goals we want to achieve even in the face of compromised daemons, or compromised app admins. That means we do have to write some of these things down twice, because we want to have a fence and a lawn. |
|
|
If you need the same info updated in two places you are doing it wrong. It could be moved up a level with a configuration management system. That way you could say Daemon X log in directory Y, and both places would get updated.