On Wed, 2004-12-29 at 21:42 -0500, Charles R. Anderson wrote:
> I just yum updated, and got the latest testing kernel and policy
> files:
>
> Install: kernel.i686 0:2.6.9-1.715_FC3
> Install: kernel-smp.i686 0:2.6.9-1.715_FC3
> [...]
> Update: selinux-policy-targeted.noarch 0:1.17.30-2.58
> Update: selinux-policy-targeted-sources.noarch 0:1.17.30-2.58
> [...]
> Installing: kernel-smp 100 % done 1/160
> warning: /etc/selinux/targeted/contexts/files/file_contexts created as /etc/selinux/targeted/contexts/files/file_contexts.rpmnew
> warning: /etc/selinux/targeted/policy/policy.18 created as /etc/selinux/targeted/policy/policy.18.rpmnew
> Updating: selinux-policy-targeted 100 % done 2/160
>
> The FAQ says that the policy reloads automatically, and that a manual
> relabel may be necessary. It doesn't say anything about fixing the
> filenames that were named .rpmnew. How can the policy automatically
> reload when the file isn't named correctly?

This can happen when you have selinux-policy-targeted-sources installed.
It's complicated to solve; I think we ended up deciding that if you have
-sources installed, it's up to you to do a policy rebuild for new
versions.

> Since policy is tied to the kernel, what happens when I have more than
> one kernel installed, and I boot an older one from grub?

If you don't need to customize policy, deinstall the -sources package,
and move the .rpmnew files over the non-.rpmnew versions. Then this
problem goes away.

If you do need to customize policy, then you're probably best off
booting in non-enforcing mode after an update to test and ensure that
your changes work with the latest package. Keeping a custom policy is
nontrivial at the moment, and it's something I'd like to fix.
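
Added example, not part of the original message or of any Fedora tooling: a dry-run-first shell sketch of the "remove -sources, then move the .rpmnew files into place" advice above. The function names, the `.pre-update` backup suffix and the demo tree are assumptions made for illustration; on a real system the directory argument would be /etc/selinux/targeted.

```shell
#!/bin/sh
# Added example: promote *.rpmnew files left behind by a policy update.
# promote_rpmnew and the .pre-update suffix are names made up for this sketch.

sources_installed() {
    # True only when rpm is available and the -sources package is installed.
    command -v rpm >/dev/null 2>&1 &&
        rpm -q selinux-policy-targeted-sources >/dev/null 2>&1
}

promote_rpmnew() {
    root=$1
    mode=${2:-dry-run}            # pass "apply" to actually move files
    if sources_installed; then
        echo "selinux-policy-targeted-sources is installed; remove it or rebuild policy" >&2
        return 2
    fi
    list=$(mktemp) || return 1
    find "$root" -type f -name '*.rpmnew' > "$list"
    promoted=0
    while IFS= read -r new; do
        cur=${new%.rpmnew}
        if [ -f "$cur" ] && cmp -s "$new" "$cur"; then
            echo "identical: $new"          # nothing to promote, drop the copy
            if [ "$mode" = apply ]; then rm -f "$new"; fi
            continue
        fi
        echo "promote: $new -> $cur"
        if [ "$mode" = apply ]; then
            if [ -f "$cur" ]; then cp -p "$cur" "$cur.pre-update"; fi
            mv -f "$new" "$cur"
        fi
        promoted=$((promoted + 1))
    done < "$list"
    rm -f "$list"
    echo "$promoted file(s) to promote ($mode)"
}

# Constructed demo tree standing in for /etc/selinux/targeted (not real policy data).
demo=$(mktemp -d)
mkdir -p "$demo/policy" "$demo/contexts/files"
echo old-policy > "$demo/policy/policy.18"
echo new-policy > "$demo/policy/policy.18.rpmnew"
echo old-contexts > "$demo/contexts/files/file_contexts"
echo new-contexts > "$demo/contexts/files/file_contexts.rpmnew"
promote_rpmnew "$demo"          # dry run: lists both files, changes nothing
promote_rpmnew "$demo" apply    # moves both into place, keeping .pre-update copies
```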