-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch might be somewhat controversial, it basically sets the default for semanage to MLS mode when selinux is disabled. System can not determine if the policy is MLS or not, so current default is not, so semanage blows up on disabled machines. A better long term solution would be to add a interface to libsemanage to look at the installed policy and decipher what the policy supports. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkkUVF8ACgkQrlYvE4MpobMG7wCfeSr2C2a2vc6Z3QVizdm4CpTk EmwAoKDKxaDxq+Zrc3+Bp4RbjhrGUGXv =GkGs -----END PGP SIGNATURE-----
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
@@ -35,7 +35,7 @@
import __builtin__
__builtin__.__dict__['_'] = unicode
-is_mls_enabled = selinux.is_selinux_mls_enabled()
+is_mls_enabled = not selinux.is_selinux_enabled() or selinux.is_selinux_mls_enabled()
import syslog
Attachment:
seobject_mls.patch.sig
Description: Binary data
