Is anyone looking at improving the Policy Server that Josh Brindle worked on a while back? http://oss.tresys.com/projects/policy-server On Fri, Mar 26, 2010 at 12:13 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > On 03/26/2010 12:06 PM, Jan Kasprzak wrote: >> Hello, SELinux list! >> >> is there anybody who uses SELinux on a cluster of computers? If so, >> I have two questions: >> >> - how do you synchronize the policy between the nodes? (Especially when >> there are local modifications and parts of a policy)? Can I >> simply rsync /etc/selinux/policy/targeted from a host I have just >> modified to the other node, and then run something (what?) to make >> the changes visible on the other node as well? >> >> > That should work, I would make sure the labels are correct running > restorecon -R -v /etc/selinux/policy after you copy them over and then > run load_policy. >> - are SELinux file contexts in ext3/4 xattrs portable between >> hosts? > Yes if they run the same or relatively the same policy. >> My cluster has a shared filesystem on top of drbd, >> mounted on a primary node. Will it work also after a failover >> to the secondary node (and remounting the FS there), or would >> it be necessary to do a restorecon on that filesystem first? >> >> > It should not be necessary to run restorecon. We have been working with > the cluster guys to get SELinux to work with it. If you have any > problems please ping me. Or open a bugzilla. >> Thanks, >> >> -Yenya >> >> > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
