-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aleksander Adamowski wrote: > Aleksander Adamowski wrote: >> >> I've figured out that indeed my unloading of unconfined.pp was causing >> the problem with loading the base policy. However, copying >> /usr/share/selinux/targeted/unconfined.pp manually to >> /etc/selinux/targeted/modules/active/modules has allowed me to load >> the new base.pp. > The problem with the solution is that now I cannot "semodule -r > unconfined" like Dan has advised for Fedora 8. > On Fedora 9 this results in this error: > > # semodule -r unconfined > libsepol.context_from_record: type samba_unconfined_script_exec_t is not > defined > libsepol.context_from_record: could not create context structure > libsepol.context_from_string: could not create context structure > libsepol.sepol_context_to_sid: could not convert > system_u:object_r:samba_unconfined_script_exec_t:s0 to sid > invalid context system_u:object_r:samba_unconfined_script_exec_t:s0 > > Has the procedure of removing the "unconfined" module been superseded by > something else in Fedora 9? > > BTW, this is probably a question to Dan: is there any single place with > documentation about all the changes in the SELinux policy and procedures > relating to its customisation between Fedora releases? There is no such > information in Fedora's release notes (where any sane being would look > for them first). > > Currently with each Fedora Release there are numerous changes that break > backward compatibility and significantly change the customisation > procedures. However, I were able to find information about them only by > scraping them from all around the web - from interviews with Dan Walsh, > his LiveJournal blog, some random mailing list discussions, > half-finished Fedora Wiki pages and so on. Am I missing something? > Is there a place where comprehensive documentation for all this lies? > > I am fixing this in policy so you can remove the unconfined_domain. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkijMwEACgkQrlYvE4MpobNNGACfUJzZWk6p8yNz7FmoJX48fWOa DK4AoIO3MV4oZUjiCgAV8P17DqKOjuzh =22eQ -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
