PackageKit policy: background and plans
James Morris
jmorris at namei.org
Mon Nov 23 22:02:06 UTC 2009
On Mon, 23 Nov 2009, Bill Nottingham wrote:
> > One scenario here is where the admin has made local modifications, which
> > are then discarded by an upgrade of the policy. It should not be
> > possible.
>
> Your complaint appeared to be that someone could switch from
> targeted to minimal (or similar) by simply installing the other
> package. It *does not work that way*, and it never has.
>
> If you're saying that an upgrade to a later targeted policy might
> break the local customizations, doesn't that mean the targeted policy
> maintainer made a mistake?
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be no way to change MAC
policy without MAC privilege.
- James
--
James Morris
<jmorris at namei.org>
More information about the fedora-devel-list
mailing list