On Wed, 15 Aug 2012, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > You should check that setfiles using glibc regex followed by setfiles > using PCRE does not change anything on the filesystem, i.e. run the > existing setfiles on all filesystems, then run the setfiles using PCRE > with -nv to report any changes that would be made without applying them. Of course that test would only really work for files that exist on the current filesystem. But that should be a good enough approximation to be useful. In terms of breakage in Debian, I'm not too bothered about that. Before every release we need to do a lot of testing anyway. The changes in this regard will be a lot less likely to break things than the regular churn of policy and daemon changes. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
