On 01/03/2011 03:25 PM, Mr Dash Four wrote:
>
>> Might have been some merge issue with upstream policy.
>>
>> I think Fedora and refpolicy implement configfile each in a different
>> way, this may (or may not) cause confusion when Fedora merges upstream
>> refpolicy in its branch.
>>
> I am annoyed because I do not want to be dealing with issues which were
> 'resolved' nearly a year ago just to resurface again when I try to upgrade.

Yes, but this may just be an isolated incident. We are still only human,
plus some things changed in the way policy is maintained (moved to git /
new maintainer).

> Anyway, I backed out of this upgrade because as it turns out there are
> also quite a few issues with compiling the kernel as well, so I may as
> well just wait until FC15 comes around - I do not normally follow even
> number Fedora upgrades, but do not know what possessed me over the xmas
> period to go for this upgrade...

SELinux related issues? Can you be more specific?

>> In my view allowing iptables to read all config files is sub-optimal.
>>
>> I would probably just allow:
>>
>> shorewall_read_config(iptables)
>>
> I did that as a temporary measure (added optional_policy statement with
> shorewall_read_config) to see if it is going to cure the problem - it
> did, though, as you put it above, it is not ideal.
>

shorewall_read_config IS ideal in my view (unlike what Fedora previously
may have implemented).

I think it's probably best to just report this issue to
bugzilla.redhat.com/f14/selinux-policy so that it can be fixed.