On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote: > No matter how tempting, that also sounds like a perfect way for a rogue > package to subvert the whole SELinux scheme, overriding the > preinstalled policy, right? rpm is trusted at present in Fedora. There have been discussions of limiting it, e.g. having it transition to different domains and using different file contexts depending on some measure of the "trustworthiness" of the package, but no progress there yet. You just have the traditional signature verification support at present. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
