On Wed, 12 Oct 2005 14:24:25 -0400, Stephen Smalley wrote:
> No, that should be possible. What I meant was the ability to confine the
> rules that can exist in a given policy module installed from a given
> package, e.g. so that a policy module shipped in the foo package can't
> open up read access to /etc/shadow. That requires the policy server, see
> http://sepolicy-server.sourceforge.net/index.php

Wow, meta-policy? That sounds useful but mind-expanding :)

Anyway, good to know! I look forward to getting my hands on FC5 when it
comes out. It'll be interesting to see how far we can restrict installers
before we start breaking them.

thanks -mike

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list