Aleksander Adamowski wrote:
I've figured out that indeed my unloading of unconfined.pp was causing
the problem with loading the base policy. However, copying
/usr/share/selinux/targeted/unconfined.pp manually to
/etc/selinux/targeted/modules/active/modules has allowed me to load
the new base.pp.
The problem with the solution is that now I cannot "semodule -r
unconfined" like Dan has advised for Fedora 8.
On Fedora 9 this results in this error:
# semodule -r unconfined
libsepol.context_from_record: type samba_unconfined_script_exec_t is not
defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:samba_unconfined_script_exec_t:s0 to sid
invalid context system_u:object_r:samba_unconfined_script_exec_t:s0
Has the procedure of removing the "unconfined" module been superseded by
something else in Fedora 9?
BTW, this is probably a question to Dan: is there any single place with
documentation about all the changes in the SELinux policy and procedures
relating to its customisation between Fedora releases? There is no such
information in Fedora's release notes (where any sane being would look
for them first).
Currently with each Fedora Release there are numerous changes that break
backward compatibility and significantly change the customisation
procedures. However, I were able to find information about them only by
scraping them from all around the web - from interviews with Dan Walsh,
his LiveJournal blog, some random mailing list discussions,
half-finished Fedora Wiki pages and so on. Am I missing something?
Is there a place where comprehensive documentation for all this lies?
--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.org.pl
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
