Re: Installing new policy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 9 Mar 2004 03:06, Paul Nasrat <pauln@xxxxxxxxxxxx> wrote:
> On Mon, Mar 08, 2004 at 11:07:43AM -0500, Bill Nottingham wrote:
> > Tom Mitchell (mitch48@xxxxxxxxxxxxx) said:
> > > If I understand this...
> > >
> > > In development cycles having the "current" best practice policy does
> > > make sense for some,  but not outside the context of "default policy
> > > development".
> >
> > Yes, but if you're pushing new policy that actually fixes bugs
> > (think post-release here), you'd want that automatically installed
> > on upgrade.
>
> I believe Jeff was working on this, however the hooks would have to be in
> rpm I imagine as you probably don't want rpm_script_t having write access
> to policy_src_t right?

At the moment rpm_script_t has access to so much that there's no point in 
trying to impose any serious restriction on it.

I suspect that limiting rpm_script_t in any significant way will have to wait 
until we have multiple domains for rpm for installing packages with different 
signatures.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux