On 06/30/2010 11:09 PM, Mr Dash Four wrote: > >>>> this is what i committed to my branch that might fix that: >>>> >>>> ------------------------ policy/modules/apps/livecd.te >>>> ------------------------ >>>> index 4e69cdf..5d1084a 100644 >>>> @@ -23,7 +23,7 @@ >>>> >>>> domain_ptrace_all_domains(livecd_t) >>>> >>>> -seutil_domtrans_setfiles_mac(livecd_t) >>>> +seutil_run_setfiles_mac(livecd_t, system_r) >>>> >>>> manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) >>>> manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) >>>> >>>> >>> Do I save this as ~/rpmbuld/SOURCES/DG-SELinux.patch and then apply it >>> to my custom selinux-policy? >>> >> >> Replace it manually. Because that isnt a proper patch. >> >> open policy/modules/apps/livecd.te. find >> seutil_domtrans_setfiles_mac(livecd_t) and replace it by >> seutil_run_setfiles_mac(livecd_t, system_r) >> > I presume this will be for the development machine (the one I am using > to create the image) as on the image itself livecd is not used at all > and is not needed. Is that correct? If so, I presume I need to compile > and install my own custom policy and replace it with the 'stock' version > - is that right? Its a bug in policy, and in that regard it affects all systems. The problem is that if you are going to maintain your own fork of selinux_policy it will be much work to maintain (a fedora update might undo your changes) Therefore it is best to submit this bug report to fedora bugzilla so that the fix can be applied upstream, then eventually it will get pushed to the repositories and end up on your system. So in your case, you might want to, in the meantime, fix it with a custom module (myseutils.pp) whilst your bug report is processed.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
