On Wed, 2004-03-31 at 11:07, Tim Waugh wrote: > A word of warning: the version number of the policy file has changed > in the kernel but some userland bits aren't in sync with it, causing > file context labelling not to get done. Fresh installs are likely to > fail. What userland bits caused a problem, so that we can avoid similar problems in the future? Compatibility should have been preserved: - the new kernel included code to accept either the new or old policy format - checkpolicy already included support for generating either policy format - SysVinit already included support for loading either policy format It is true that the newer policy features can't be used until the policy package is updated to start building the new policy format, but that shouldn't have prevented continued operation of the new kernel with the older policy. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
