On 7/10/09 4:26 PM, "Joshua Brindle" <jbrindle@xxxxxxxxxx> wrote: >> From: James Carter [mailto:jwcart2@xxxxxxxxxxxxx] >> >>> Its alot worse than that. What about files on backup >> drives? Offline drives? >>> transient files that will get relabeled to something inappropriate? >>> I'm not confortable relabeling databases with potentially sensitive >>> data to var_lib_t because mysql was uninstalled. >>> >> >> The argument seems to be for removing the ability to remove modules. >> It would be the roach motel style of policy management. >> > > I like it, policies check in but don't check out. I haven't heard an > argument about 1) how I'm crazy and wrong or 2) how to keep systems > running as expected otherwise though. There's certainly a case for leaving all policy installed. Policy is configuration data, which RPM also leaves installed when removing packages. We could easily treat policy the same. Chad -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
