On Fri, 12.06.15 19:00, Miroslav Grepl (mgrepl@xxxxxxxxxx) wrote:

> On 06/12/2015 12:17 PM, Lennart Poettering wrote:
> > On Thu, 11.06.15 06:51, Jan Kurik (jkurik@xxxxxxxxxx) wrote:
> >
> >> = Proposed System Wide Change: SELinux policy store migration =
> >> https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
> >
> > I cannot make sense of this with my limited selinux knowledge, could
> > you please elaborate on this on the changes page for people like me
> > who only have a superficial understanding of selinux?
>
> Yeap, we are working on it.
>
> Basically the binary policy file
> (/etc/selinux/targeted/policy/policy.29) loaded to kernel is built from
> SELinux policy modules. These modules are currently located in
> /etc/selinux/targeted/modules and we call it a "module store". This
> store is now moved to /var/lib/selinux/targeted/modules. This only
> affects tools like semanage, semodule which are used for policy
> manipulation. So we are able to boot without /var also from SELinux
> point of view.

Why /var and not /usr? If these module files are shipped with RPMs as
vendor versions they belong in /usr, no? What makes this appropriate
for moving them to /var?

Lennart

--
Lennart Poettering, Red Hat