On Fri, Feb 24, 2006 at 10:27:37 -0500, Ivan Gyurdiev <ivg2@xxxxxxxxxxx> wrote:
>
> You'd enumerate all the contexts for files under /lib, /usr/lib, etc..
> places which would be declared "controlled" by rpm.
> Then you create a new attribute called "managed" or something like that,
> and mark all those types with that attribute.
> Then you write policy to allow rpm to manage those types. You write an
> assertion to make sure nothing but rpm manages those files. Then audit
> and remove all rules from policy that violate that assertion. I haven't
> written policy in a while, but shouldn't this work?

You're right, you could do that. There wouldn't be just one 'managed' context
though. You'd have to make a 'managed' version of each existing context
that was used in those directories. It's a bit more work, but would be doable.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
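The audit step from the quoted proposal, as an added example that is not part of the original message or of any shipped policy: it lists the allow rules that an assertion of the form "nothing but rpm manages types carrying the managed attribute" would reject. The attribute name `managed_file_type`, the types `managed_lib_t` and `managed_bin_t`, the permission set and the sample rules are all constructed for illustration, and the parser assumes flat `allow` rules with no macros or type sets.

```python
import re

# Permissions treated as "managing" a file (assumed set for this sketch).
MANAGE_PERMS = {"create", "write", "append", "unlink", "rename",
                "setattr", "relabelfrom", "relabelto"}

# Constructed sample policy: one 'managed' twin per existing context,
# as the reply suggests, plus a few flat allow rules to audit.
SAMPLE_POLICY = """
attribute managed_file_type;
typeattribute managed_lib_t managed_file_type;
typeattribute managed_bin_t managed_file_type;
allow rpm_t managed_file_type:file { create write unlink rename setattr };
allow httpd_t managed_lib_t:file { read getattr execute };
allow ldconfig_t managed_lib_t:file { read write };
allow user_t managed_file_type:file { read append };
allow user_t tmp_t:file { create write unlink };
"""

ATTR_RE = re.compile(r"^typeattribute\s+(\S+)\s+(\S+);", re.M)
ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+\{([^}]*)\};", re.M)


def find_violations(policy, attr="managed_file_type", manager="rpm_t"):
    """Return (source, type, class, perms) for every allow rule that lets a
    domain other than `manager` modify a type carrying `attr`."""
    members = {t for t, a in ATTR_RE.findall(policy) if a == attr}
    violations = []
    for src, tgt, cls, perms in ALLOW_RE.findall(policy):
        # A rule may name the attribute itself or a single member type.
        targets = members if tgt == attr else ({tgt} & members)
        bad = sorted(MANAGE_PERMS & set(perms.split()))
        if src != manager and targets and bad:
            violations.extend((src, t, cls, bad) for t in sorted(targets))
    return violations


if __name__ == "__main__":
    for src, typ, cls, perms in find_violations(SAMPLE_POLICY):
        print(f"{src} -> {typ}:{cls} {{ {' '.join(perms)} }}")
```

Read-only access such as the `httpd_t` rule passes, which is why the assertion has to be written against modifying permissions rather than against all access to the managed types.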