Re: Making Fedora a contributer friendly environment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-05-10 at 11:49 -0400, Karl MacMillan wrote:
> [CC'd the selinux development list so that the developers are aware of
> these issues]
> 
> On Thu, 2007-05-10 at 16:50 +0200, Till Maas wrote:
> > On Do Mai 10 2007, Karl MacMillan wrote:
> > 
> > > When selinux is turned on again a full relabel of the filesystem is done
> > > to correct these problems. If the custom file context wasn't added to
> > > the database of file contexts (via a module or semanage) the file is set
> > > to the default label.
> > 
> > So will chcon in a scriptlet work, when an rpm is installed while selinux is 
> > not active?
> > 
> 
> Unfortunately it won't - does semanage / semodule work in this instance
> (it probably should so that users can turn selinux back on after
> disabling and doing package management).

semodule works with selinux disabled (it won't load the resulting policy
naturally, but it manipulates the policy store and regenerates the
policy files appropriately, so they would be used when selinux is next
enabled, and a relabel would happen at that time).  semanage has some
dependencies on libselinux (e.g. is_selinux_mls_enabled,
security_check_context) that should be converted to using libsemanage or
libsepol interfaces, and then there is the separate issue of the context
translation support.

-- 
Stephen Smalley
National Security Agency

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux