> > Further, of course, DHCP is just an example of this class of problem.
> >
> > I agree that the problem is inherent to some degree, but minimally the
> > admin should have a way to observe overrides to their security policy,
> > lest they think the system is more locked down than it really is.
>
> We can certainly make per-socket policy overrides more observable.
> I'll log an RFE.

("More" observable implies they can be observed today -- is this with a
debugger, or an admin tool?)

-- meem