Re: rpm -V selinux-policy-targeted

Daniel J Walsh wrote:

Joe Orton wrote:

On Wed, Nov 24, 2004 at 10:05:55AM -0500, Daniel J Walsh wrote:


Joe Orton wrote:

...


..5....T. c /etc/selinux/targeted/policy/policy.18

Since policy/policy.18 is marked %config(noreplace) the new policy.18
file is installed as policy.18.rpmnew and hence it seems manual
intervention is needed to load the new policy, it's not a simple rpm -U
or up2date run away - is this desirable?

This means that you modified the file_context/policy.18 file by using selinux-policy-targeted-sources file.
The upgrade of selinux-policy-targeted-sources should do a make reload when it completes, causing the policy.18 and file_contexts file
to be replaced. This way if you made local changes they will be maintained. (There was/is a bug with the moving of the /usr/bin files
to /usr/sbin that is causing certain *sources rpms not to do a make load.)


No, I didn't make any local changes, I haven't touched the files, this
was on a fresh kickstart.  Ah, it looks like the %post script for
selinux-policy-targeted-sources will reload the policy the first time
it's installed too, i.e. by anaconda.  So it's doomed from the out.

That could be changed to really only happen on upgrades, but I'd
question whether -sources should automatically reload the policy at all. Getting so easily into a state where "up2date selinux-targeted-policy"
doesn't automatically apply policy updates (given no local modifications
to the sources) is bad.




Ok we can turn off automatic update of policy from selinux-policy-*sources, but then
the user will need to manually update the policy if he has manipulated it.


A more seamless mechanism to upgrade policy is gonna be needed eventually.
I know of several problem areas, ready to attempt better upgrade if/when you are,
if you wish to attempt through rpm. A distribution mechanism outside rpm is
a quite sane alternative implementation as well.


73 de Jeff
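The state discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of any Fedora tooling: it parses `rpm -V` output and reports `%config` files whose digest differs while a `.rpmnew` sibling is present, meaning a packaged update was not applied. The function names and the second sample line are constructed for illustration.

```python
import os
import re

# Attribute letters from the rpm(8) verify output; "." means the test passed,
# "?" means it could not be performed.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}

# <8 or 9 attribute chars> [file-type marker] <absolute path>
LINE = re.compile(
    r"^(?P<attrs>[A-Za-z0-9.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# First line is the one quoted in the thread; the second is constructed.
SAMPLE = """\
..5....T. c /etc/selinux/targeted/policy/policy.18
.M.......   /usr/bin/example-constructed
"""


def parse_verify_line(line):
    """Return path, config marker and changed attributes for one rpm -V line."""
    m = LINE.match(line.strip())
    if not m:
        return None  # e.g. "missing ..." lines or blank lines
    changed = [FLAGS.get(ch, ch) for ch in m["attrs"] if ch not in ".?"]
    return {"path": m["path"], "config": m["kind"] == "c", "changed": changed}


def pending_config_updates(verify_output, exists=os.path.exists):
    """List modified %config files that have an unapplied .rpmnew beside them."""
    pending = []
    for line in verify_output.splitlines():
        rec = parse_verify_line(line)
        if rec and rec["config"] and "digest" in rec["changed"]:
            if exists(rec["path"] + ".rpmnew"):
                pending.append(rec["path"])
    return pending


if __name__ == "__main__":
    for path in pending_config_updates(SAMPLE):
        print(f"{path}: shipped update waiting in {path}.rpmnew")
```

On a live system the input would be the output of `rpm -V selinux-policy-targeted` instead of `SAMPLE`.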


