[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



On Thu, Nov 19, 2009 at 4:48 PM, Jesse Keating <jkeating redhat com> wrote:
> On Thu, 2009-11-19 at 09:14 -0500, Owen Taylor wrote:
>> It doesn't work practically: configuration for packages needs to live
>> with the package. Putting gigantic amounts of configuration into the
>> %post of a kickstart file quickly becomes unmanageable. And the idea
>> that we make configuration changes in the %post of the kickstart really
>> falls part badly once people start upgrading their install to the next
>> version of Fedora.
>>
>
> Which is why you do it with specifically selected policy packages, and
> not trying to write out files in %post.  Create a set of policy packages
> that define certain user cases, and pick from those as you construct a
> spin.

This makes sense to me; but there are details to work out.

* Do we have any guidelines on what the policy should be in upstream
source?  Corresponding Fedora RPMs?
* Do we have a fedora-default-policykit-policy?
* How do we get this installed on upgrades?  Code in preupgrade?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]