PackageKit policy: background and plans

James Morris jmorris at namei.org
Sat Nov 21 02:36:59 UTC 2009


On Fri, 20 Nov 2009, Bill Nottingham wrote:

> > MAC policy can be updated without administrative privilege, breaking our 
> > MAC model in a fundamental way.
> 
> I'm fairly sure that's wrong as well. Installation of another policy
> does not override the current one.

What about when the system is rebooted?

One scenario here is where the admin has made local modifications, which 
are then discarded by an upgrade of the policy.  It should not be 
possible.


-- 
James Morris
<jmorris at namei.org>




More information about the devel mailing list