Stephen Smalley wrote:
Hi,
In the current Fedora spec file, libselinux has libsetrans as a prereq,
thereby pulling it in on libselinux updates for all users regardless of
policy. However, libsetrans presumes that MCS is enabled and always
appends :s0 to contexts when converting to raw format if they lack it.
This breaks (for example) a system running strict policy, as libselinux
then starts using the MCS-specific libsetrans and it starts
appending :so to raw contexts, but the kernel then rejects those
contexts since it does not have a MLS-enabled policy.
libsetrans is supposed to be optional, with libselinux gracefully
falling back to no translation if it is absent. I can possibly see
making it a dependency of MCS-enabled targeted policy packages, but not
of libselinux. Yes?
Yes for now you can just disable the translation. Edit /etc/mcs.conf
and unconmment disable line. MCS Targeted policy will be available by
default in tonights rawhide.
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
