How to properly upgrade policy

tmolina at cablespeed.com
Sun Jun 27 13:40:19 UTC 2004


> >Let me nail this down for my own benefit; maybe I am dense.  If you 
> >install the policy source package you should refrain from also installing 
> >the policy package?  
> >
> >So is it one or the other, but not both?  
> >  
> >
> No, policy-sources contains files that can be used to rebuild the policy 
> (policy.18) file.  It also contains sources to rebuild file_contexts 
> file.  Other files in policy (default_contexts, initrc_context ...) are 
> not part of policy-sources.  So policy-sources gives you the ability to 
> modify some of the files in the policy package.

I originally installed both policy-sources and policy in a Fedora testing 
cycle.  I can mess with stuff and have an occasionally messy system during 
testing cycles.  For production systems that is unacceptable.  Once the 
configuration has been nailed down regarding the installed applications 
and the set of data they operate on, no further changes/rebuilds of policy 
should be necessary.  

My view is that on a user system only policy should be necessary.  Being 
able to "fixfiles relabel" would be nice.  Changing a file's context would 
be nice, too.  My impression is that some/many of the diagnostic programs 
I would like to have are split between policy and policy-sources.  

Can we have a situation (maybe it is already this way and I just don't 
understand) where I (as a system administrator) can log in, change a file's 
context and/or relabel the whole system with only policy installed?  If 
the file context is incorrect because of a problem with the policy I 
should be able to edit and rebuild the policy on an administrator's system 
(which would have the policy-sources) and download/install to the user's 
system, optionally relabeling the system in the process.



More information about the fedora-selinux-list mailing list