Attention: Proprietary video driver users (ATI, Nvidia, etc.)
Bruno Wolff III
bruno at wolff.to
Fri Feb 24 16:21:33 UTC 2006
On Fri, Feb 24, 2006 at 10:27:37 -0500,
Ivan Gyurdiev <ivg2 at cornell.edu> wrote:
>
> You'd enumerate all the contexts for files under /lib, /usr/lib, etc.,
> places which would be declared "controlled" by rpm.
> Then you create a new attribute called "managed" or something like that,
> and mark all those types with that attribute.
> Then you write policy to allow rpm to manage those types. You write an
> assertion to make sure nothing but rpm manages those files. Then audit
> and remove all rules from policy that violate that assertion. I haven't
> written policy in a while, but shouldn't this work?
You're right, you could do that. There wouldn't be just one 'managed' context
though. You'd have to make a 'managed' version of each existing context
that was used in those directories. It's a bit more work, but would be doable.
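
The scheme discussed in this exchange, sketched as an SELinux policy fragment. This is an added example, not policy from either poster or from Fedora. The attribute `rpm_managed` and the types `managed_lib_t` and `managed_bin_t` are hypothetical names, and it assumes rpm runs in the `rpm_t` domain and that the policy defines the usual `domain` and `file_type` attributes.

```selinux
# Hypothetical attribute: marks every type whose files only rpm may change.
attribute rpm_managed;

# A "managed" twin for each existing type used in the rpm-controlled
# directories (hypothetical names). The original lib_t and bin_t stay in
# the policy for files that are not declared rpm-controlled.
type managed_lib_t, file_type, rpm_managed;
type managed_bin_t, file_type, rpm_managed;

# Matching file context entries would live in the .fc file, for example:
#   /lib(/.*)?       system_u:object_r:managed_lib_t
#   /usr/lib(/.*)?   system_u:object_r:managed_lib_t
#   /usr/bin(/.*)?   system_u:object_r:managed_bin_t

# rpm (assumed to run as rpm_t) may create, modify, delete and relabel
# everything carrying the attribute.
allow rpm_t rpm_managed:file
    { create write append setattr unlink rename link relabelfrom relabelto };
allow rpm_t rpm_managed:dir
    { create write add_name remove_name setattr rmdir rename reparent };

# The assertion: policy compilation fails if any allow rule gives a domain
# other than rpm_t one of these permissions on a managed type. Each rule the
# compiler reports is one to audit and remove.
neverallow { domain -rpm_t } rpm_managed:file
    { create write append setattr unlink rename link relabelfrom relabelto };
neverallow { domain -rpm_t } rpm_managed:dir
    { create write add_name remove_name setattr rmdir rename reparent };
```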