Re: Fedora 11: moving to posix file capabilities?

On Wed, 2008-10-29 at 16:52 -0400, Colin Walters wrote:
> On Wed, Oct 29, 2008 at 4:39 PM, Steve Grubb <sgrubb@xxxxxxxxxx> wrote:

> > No this is about PolicyKit being another MAC system that needs configuring.
> 
> Of course it would be ideal if there were One True MAC system, but
> AFAIK the story on SELinux is still that the system must be secure
> without it, and other vendors that we care about from the desktop
> perspective (personally I just care about Ubuntu and OpenSolaris)
> haven't yet finished integrating it.

Of course just so it's been said...setting capabilities on binaries has
little to do (or should have *very* little to do) with SELinux. Ever :)

Personally I think switching to fully POSIX file caps is a wonderful
idea for sometime around 2010 or a bit later, but it's not practical for
regular system utilities that might be sitting on older filesystems to
do this today. Root NFS will break, many custom spins, just a lot of
stuff is going to be very unhappy if we start doing this.

Jon.


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
