On Wed, Feb 10, 2010 at 05:19:59PM -0500, Tony Nelson wrote:
> On 10-02-10 15:48:39, Adam Williamson wrote:
> > Hi, all. So the privilege escalation policy went to FESco, who
> > suggested some minor tweaks and a final run-by the mailing lists
> > before it gets approved.
> >
> > I have now adjusted the draft -
> > https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy
> > - to reflect all feedback from this list and from FESco. It will be
> > reviewed again by FESco next week. Please raise any potential issues
> > or further suggestions for adjustments before then. Of course, even
> > if the policy is accepted by FESCo it will not be set in stone and
> > changes and exceptions can be added in future as appropriate, but I'd
> > like to have it as good as possible at first :) thanks all!
>
> "Directly read or write directly to or from system memory" has an extra
> (or out of order) "directly".

It's also going to be tricky to run any programs if they can't access
the memory in the system. Can the definition be tightened up -- e.g.
"kernel memory and memory-mapped devices" or "memory other than
userspace pages allocated to the current user"?

Rich.

--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v