On Wed, 2004-04-21 at 11:00 -0700, Shahms King wrote: > (I just subscribed, so I'm replying from the list archive...) > > Given that FC2 is no longer shipping with SELinux enabled by default, it > makes sense to have a separate policy package for individual packages, > IMHO. While this sounds like a neat idea.. I can see problems with it being used effectively. What if a user has selinux disabled when they install a number of packages, and then decide to turn it on--the packages would have to be retrieved and installed before they could be used. That could be frustrating, especially for network isolated machines. Might it be better to include the policy with the main package, to install the policy files into the policy source, but not to rebuild or reload the policy unless selinux was running. As I understood.. shipping with selinux off by default would not mean the packages were not installed at all. If the policy will not be installed at all, and each 'extra' package installed that contained policy abstained from installing the policy, then some mechanism would be required to extract all the policy from 'extra' installed packages at the time selinux was installed or enabled (in the future). That would be difficult as well, so including the policy files may not be a perfect solution either. -- Andrew Farris, CPE senior (California Polytechnic State University, SLO) fedora@xxxxxxxxxxxxxxxx :: lmorgul on irc.freenode.net "The only thing necessary for the triumph of evil is for good men to do nothing." (Edmond Burke)
