[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



James Morris (jmorris namei org) said: 
> > > MAC policy can be updated without administrative privilege, breaking our 
> > > MAC model in a fundamental way.
> > 
> > I'm fairly sure that's wrong as well. Installation of another policy
> > does not override the current one.
> 
> What about when the system is rebooted?
> 
> One scenario here is where the admin has made local modifications, which 
> are then discarded by an upgrade of the policy.  It should not be 
> possible.

Your complaint appeared to be that someone could switch from
targeted to minimal (or similar) by simply installing the other
package. It *does not work that way*, and it never has.

If you're saying that an upgrade to a later targeted policy might
break the local customizations, doesn't that mean the targeted policy
maintainer made a mistake?

Bill


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]