James Morris (jmorris@xxxxxxxxx) said: > > > MAC policy can be updated without administrative privilege, breaking our > > > MAC model in a fundamental way. > > > > I'm fairly sure that's wrong as well. Installation of another policy > > does not override the current one. > > What about when the system is rebooted? > > One scenario here is where the admin has made local modifications, which > are then discarded by an upgrade of the policy. It should not be > possible. Your complaint appeared to be that someone could switch from targeted to minimal (or similar) by simply installing the other package. It *does not work that way*, and it never has. If you're saying that an upgrade to a later targeted policy might break the local customizations, doesn't that mean the targeted policy maintainer made a mistake? Bill -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
