On Mon, 23 Nov 2009, Bill Nottingham wrote:

> > One scenario here is where the admin has made local modifications, which
> > are then discarded by an upgrade of the policy. It should not be
> > possible.
>
> Your complaint appeared to be that someone could switch from
> targeted to minimal (or similar) by simply installing the other
> package. It *does not work that way*, and it never has.
>
> If you're saying that an upgrade to a later targeted policy might
> break the local customizations, doesn't that mean the targeted policy
> maintainer made a mistake?

Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be no way to change MAC
policy without MAC privilege.

- James
--
James Morris
<jmorris@xxxxxxxxx>

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list