Is it time we removed the version number from policy.22/policy21?


I just got burned by the policy version bumping.  I blogged about how
cool audit2why is and then policycoreutils/libselinux had a bug.

They were hard coded to use the policy version of the kernel that was
running to look for policy.

They were both doing the equivalent of
/etc/selinux/targeted/policy/policy.`cat /selinux/policyvers`

But I guess we just bumped the version of policy to 22 in libsepol.  (My
mistake for not noticing).  But the kernel still only supports 21.

So a freshly installed machine has 22 on it and audit2why blows up with
a missing policy because it is looking for 21.  On my test machine I
have a policy.21 and a policy.22 so I never noticed.  (This, in my
opinion, is a bug in semanage.  It should have cleaned up the old version.)

I think this just points out the problem of adding the version number to
the policy file on disk.  This really serves no purpose other than to
create bugs every time we bump the version.

I would like to suggest that we switch to just building
/etc/selinux/TYPE/policy/policy
and have a symbolic link for backwards compatibility
/etc/selinux/TYPE/policy/policy.22 -> policy
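Added example (not part of the original message, and not code from policycoreutils or libselinux): a shell sketch of the hard-coded `policy.<kernel version>` lookup the message describes, next to a hypothetical lookup that tolerates a version mismatch and honours the unversioned `policy` file the message proposes. The temporary directory, the function names and the fallback order are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: the policy directory and version numbers are sample
# values, not read from a live system.

# Brittle lookup described in the message: policy.<kernel version> or nothing.
brittle_lookup() {
    dir=$1; kvers=$2
    [ -f "$dir/policy.$kvers" ] || return 1
    printf '%s\n' "$dir/policy.$kvers"
}

# Hypothetical tolerant lookup: exact match first, then the unversioned file
# proposed in the message, then the highest-numbered policy.N on disk.
tolerant_lookup() {
    dir=$1; kvers=$2
    if [ -f "$dir/policy.$kvers" ]; then
        printf '%s\n' "$dir/policy.$kvers"; return 0
    fi
    if [ -f "$dir/policy" ]; then
        printf '%s\n' "$dir/policy"; return 0
    fi
    best=
    for f in "$dir"/policy.*; do
        [ -f "$f" ] || continue            # also skips an unmatched glob
        n=${f##*.}                         # text after the last dot
        case $n in ''|*[!0-9]*) continue ;; esac   # numeric suffixes only
        if [ -z "$best" ] || [ "$n" -gt "$best" ]; then best=$n; fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$dir/policy.$best"
}

# Fresh-install layout from the message: only policy.22 exists on disk.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/policy.22"
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
# Kernel reports 21 (constructed value standing in for /selinux/policyvers).
brittle_lookup "$demo" 21 || echo "brittle: no policy.21 found"
echo "tolerant: $(tolerant_lookup "$demo" 21)"
rm -rf "$demo"
```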
