It seems clear that there isn't anyone on the PolicyKit team who does what Bruce Schneier (among others) regularly urges: you need someone on your team who can think like a black hat. Given a proposed policy decision, what new attack vectors can it open up? Clearly there are SELinux folks who can think this way, but it doesn't seem that there's enough communication going on.
Copyright © 2018, Eklektix, Inc.