On Fri, 20 Nov 2009, Bill Nottingham wrote:

> > MAC policy can be updated without administrative privilege, breaking our
> > MAC model in a fundamental way.
>
> I'm fairly sure that's wrong as well. Installation of another policy
> does not override the current one.

What about when the system is rebooted?

One scenario here is where the admin has made local modifications, which are then discarded by an upgrade of the policy. It should not be possible.

--
James Morris
<jmorris@xxxxxxxxx>

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list