On Tue, 9 Mar 2004 03:06, Paul Nasrat <pauln@xxxxxxxxxxxx> wrote: > On Mon, Mar 08, 2004 at 11:07:43AM -0500, Bill Nottingham wrote: > > Tom Mitchell (mitch48@xxxxxxxxxxxxx) said: > > > If I understand this... > > > > > > In development cycles having the "current" best practice policy does > > > make sense for some, but not outside the context of "default policy > > > development". > > > > Yes, but if you're pushing new policy that actually fixes bugs > > (think post-release here), you'd want that automatically installed > > on upgrade. > > I believe Jeff was working on this, however the hooks would have to be in > rpm I imagine as you probably don't want rpm_script_t having write access > to policy_src_t right? At the moment rpm_script_t has access to so much that there's no point in trying to impose any serious restriction on it. I suspect that limiting rpm_script_t in any significant way will have to wait until we have multiple domains for rpm for installing packages with different signatures. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
