Stephen Smalley wrote:
On Wed, 2005-06-15 at 14:53 -0400, Security News wrote:
Sorry, in the first post I meant to say that I wanted to install the
policycoreutils<version>.rpm (the devil really is in the details.)
--the reason for needing this rpm is that I am hoping to be able to
install a custom policy and file-labelling without installing the
source configuration files. This is just so that even a root user
could be kept from editing my policy.conf files. I need the coreutils
b/c if the source config files are not going to be present then
neither is the Makefile, so I would need to use "fixfiles relabel" and
"load_policy".
Unless, there is a better way to load and relabel when not installing
the config source files.
I am hoping to have this installation be performed by someone else
somewhere else, and to make the installation as mindless as possible
for them.
policycoreutils is always needed for SELinux, so it should already be
installed on the base FC3 systems running targeted policy. You would
only need to install a different version of it if your strict policy
relies on a newer base version of policycoreutils than the stock FC3 one
(at which point you may want to check whether you also require a newer
libsepol and libselinux as well).
Also fixfiles/restorecon/setfiles do not require policy sources to be
installed. They use the file_context files in
/etc/selinux/TYPE/contexts/files/ directory.
Dan
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
