On Wed, 2007-12-05 at 14:30 -0500, Todd Miller wrote: > Paul Moore wrote: > > The discussion for this appears to have gone quiet (at least I > > haven't seen anything else on this list). Where do things currently > > stand? > > At this point I'd be OK with requiring equivalence and throwing an error > otherwise. I do think that this will result in usability issues that we > will have to address once people start using the caps. However, with > only > a single cap defined so far it is not really possible to know how these > will end up being used. We could try to come up with a solution at least for allowing clean upgrades from F8 (w/o any caps) to F9 (likely w/ peer cap defined) without requiring manual user intervention for dealing with local modules. There are however plenty of other ways in which a policy upgrade can break at present. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
