Packaging hotfixes

Axel Thimm Axel.Thimm at
Mon Apr 3 17:11:34 UTC 2006


is there a way to have policy enhancements per packages? I'm asking
this because both fedora's and upstream handling of new selinux rules
works great, still the upgraded selinux-policy packages need some time
to hit the users and while they wait for their nvidia, avidemux,
whatever fix, they always seem to need it instantaneously and prefer
to turn off selinx altogether instead of waiting for a fix.

If there is a way to locally add rules from packages, then the
problematic app foo could carry an selinux snippet with itself and
install it until the policy package catches up.

Or would such a mechanism allow any package to overthrow selinux
altogether thus making this more of a security risk than a feature?
Axel.Thimm at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <>

More information about the fedora-selinux-list mailing list