On Wed, 12 Oct 2005 15:37:35 -0400, Joshua Brindle wrote:
> The format is versioned the same way the kernel binary format is, so any
> changes to the format use a different version number, and backward
> compatibility is retained.

That's good, but it's not what I asked. What are the binary compatibility commitments you guys are making? Is it expected that the format will change in future? Was it designed to be extendable? Is there some kind of internal chunking system so new data can be added in a way that older versions of SELinux will ignore?

> only as neutral as policies are, which isn't all that neutral right now.

Hmm, that sucks. For very simple policy like "this process can do XYZ" shouldn't it be independent of targeted vs strict/fedora vs gentoo? Are the capability names actually variable between distributions?

> Hopefully this will change when reference policy is used by everyone
> and optional tunables are built in to the language.

OK, I'm glad there's a plan for this.

> you might look at this thread:
> http://marc.theaimsgroup.com/?l=selinux&m=112871525005860&w=2 for more
> information. Particularly the justification for building separate packages
> for policy and the application.

OK. This doesn't affect autopackage so much as it's meant for third party packages, and therefore developers are expected to define their own policy which would be independent of strict/targeted. I question the solution given for RPM - why not simply fix RPM so it loads policy before installing files?

thanks
-mike