On Mon, Mar 08, 2004 at 02:20:36AM -0500, Bill Nottingham wrote: > James Morris (jmorris@xxxxxxxxxx) said: > > > When new policy & policy-sources packages get downloaded and installed > > > from development, do I need to do: > > > > > > cd /etc/security/selinux/src/policy > > > make load > > > make relabel > > > > > > > Yes. > > Does this mean policy *never* gets updated on a new rpm install > without manual intevention? This seems bad. If I understand this... In development cycles having the "current" best practice policy does make sense for some, but not outside the context of "default policy development". The more general procedure would be to cd /etc/security/selinux/src/policy # examine, compare with current, update for local needs, scratch, validate... then # iff all is ok make load make relabel In fact the "policy" on "policy updates" should be the most constrained in the pile. -- T o m M i t c h e l l /dev/null the ultimate in secure storage. mitch48-at-sbcglobal-dot-net
