PackageKit policy: background and plans
James Morris
jmorris at namei.org
Sat Nov 21 02:36:59 UTC 2009
On Fri, 20 Nov 2009, Bill Nottingham wrote:
> > MAC policy can be updated without administrative privilege, breaking our
> > MAC model in a fundamental way.
>
> I'm fairly sure that's wrong as well. Installation of another policy
> does not override the current one.

What about when the system is rebooted?

One scenario here is where the admin has made local modifications, which
are then discarded by an upgrade of the policy. It should not be
possible.
--
James Morris
<jmorris at namei.org>