Ivan Gyurdiev wrote:
On Thu, 2005-03-31 at 07:23 -0500, Ivan Gyurdiev wrote:We could make the setsebool smarter to handle this. But currently all
How come it's disable_games in strict/booleans, but disable_games_trans in the
policy?
disable_games_trans is correct, the file's probably out of date.
How come some of those booleans are set to 0 by default - doesn't that match the selinux policy? Is the booleans file supposed to
override the src defaults? If so, shouldn't there be only 1s in that
file (since the src defaults are all 0)?
Also, the securitylevel app marks things "Changed" every time I toggle them. It seems like it would be better if it marked thigs back to "Unchanged" when I toggled them back, to prevent it from writing out every random thing I toggle into booleans.local, whether or not I change it back to where it was.
Also, my old booleans file went to booleans.rpmsave. Does that mean that
my booleans will be reset upon reboot? If so, should the %post script do
something about that to address upgrade path from FC3->FC4?
Also, should the post script remove nonexistent booleans from booleans.local upon upgrade?
post is doing is looking for an rpmsave file since booleans will now be replaced,
and renaming it to local iff local did not already exist.
setsebool now will only modify the specified boolean in the booleans.local file.
Dan
--
