Fedora Core 4

Colin Walters walters at redhat.com
Mon Jan 17 15:43:25 UTC 2005


On Mon, 2005-01-17 at 10:36 -0500, Sean Middleditch wrote:
> On Mon, 2005-01-17 at 10:33 -0500, Colin Walters wrote:
> > On Mon, 2005-01-17 at 09:30 -0500, Sean Middleditch wrote:
> > 
> > > Besides, changing them in Nautilus *WILL* break the system, because the
> > > second a package upgrade for selinux policies comes in and restorecon is
> > > run all of their customized settings will be erased.  
> > 
> > The policy package doesn't do any relabeling at the moment.  This will
> > likely change though, because it does cause problems.  When that occurs,
> > consideration will be given to preserving customized file contexts.
> 
> So a policy update that necessitates a security fix - like changing the
> context of a file that was mislabeled and is allowing access that should
> be denied - can't be done?

It could be done, but that solution would have to be weighed against
other available solutions.  For example, why did this file get
mislabeled?  Can we fix the root cause?  Can we keep the context and
adjust policy?  Etc.





More information about the fedora-devel-list mailing list