Hi, is there a way to have policy enhancements per packages? I'm asking this because both fedora's and upstream handling of new selinux rules works great, still the upgraded selinux-policy packages need some time to hit the users and while they wait for their nvidia, avidemux, whatever fix, they always seem to need it instantaneously and prefer to turn off selinx altogether instead of waiting for a fix. If there is a way to locally add rules from packages, then the problematic app foo could carry an selinux snippet with itself and install it until the policy package catches up. Or would such a mechanism allow any package to overthrow selinux altogether thus making this more of a security risk than a feature? -- Axel.Thimm at ATrpms.net
Attachment:
pgp3l3NtzQZpf.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
