Adam Williamson wrote: > SELinux keeps having bugs *because* they progressively build out the > policies. The coverage of the -targeted policy is now greater than it > was a few releases back. If they kept the coverage of the stock policies > the same over time there would be almost no new bugs, but instead, they > increase the coverage and hence the security it provides progressively > with each release. *Some* bugs are associated with files moving or > program functionality changing or whatever, but most are just the result > of the policies growing: the 'scaling' that you say isn't working. It isn't working because it's adding hundreds of new policy bugs in every new Fedora release. And coverage is still VERY far from 100% of Fedora. Kevin Kofler -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel