Russell Coker wrote:
On Tue, 9 Mar 2004 04:53, Tom Mitchell <mitch48@xxxxxxxxx> wrote:
If you're pushing new policy that actually fixes bugs will it break site
policy? I would be unhappy if my co-lo box had this line changed. ;-)
# uncomment to allow ssh logins as sysadm_r:sysadm_t
define(`ssh_sysadm_login')
This is a difficult issue. For Debian I have it ask a heap of questions at policy upgrade time about replacing policy files, but lots of people seem to dislike that.
One possibility is to replace files that have not been changed. However that means that if a macro changes without the calling code changing then it could break policy compiles.
RPM should leave the tunable.te file and create a tunable.te.rpmnew file.
