On Mon, 2004-07-12 at 10:46, Tom London wrote: > Thanks. > > I have 3 systems: one running 'stock' FC2, the other 2 > running off the development and Arjan's tree. > > I'll try the 'yum update' on the stock system. As I mentioned, you want to use 'yum upgrade' to get it to pull in selinux-policy-strict, I think. 'yum update' doesn't seem to replace 'policy' with 'selinux-policy-strict'. > I'm assuming (hoping?) that the 'bleeding edge' > systems will just update (i.e., 'yum update') > smoothly..... (they've already lost the '2' > from the login splash screen, and yum.conf > has been updated to point only at the > development tree). I expect so. I have several machines running off of the development tree, with one using targeted policy and the rest using strict policy. > FC2T1 clean install had issues with > SELinux installs (home directories not properly > labeled, ...). The bugzilla entry for this > (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123856) > is not closed.... > > Has this been fixed? Need testing? I don't know; there are file_type_auto_trans() rules in firstboot.te for user home directories, but I'm not clear as to whether all issues have been resolved. useradd really needs a bit of SELinux awareness, IMHO. And I seem to recall /etc/passwd and /etc/group being re-written into the wrong type by firstboot as well during FC2 installs. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
