On 2010-01-11 James Carter wrote: > On Fri, 2010-01-08 at 16:27 -0500, Caleb Case wrote: <snip> >>> >>> >>> 3) I can't remove the permissive domain created before the migration >>> because the default priority level is 400, but the script put >>> everything at priority 100 and I don't know how to change the priority >>> for semanage. >> >> semanage hasn't been updated yet to let you specify priorities. >> > I noticed. ;) > So why does the migration script put everything into priority 100 > instead of the default priority? > priority 100 is for policies distributed by the distro, 400 is default for user actions (eg., running semodule without adding a priority) I guess we could add some smarts to the migration script to put things like permissive modules and "local.pp" kinds of modules at 400. or add a list of modules distributed by red hat *shrug* I'm not sure any of these are good ideas, but they might soften the migration blow. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
