I have not installed the ref policy for CentOS, but consider that SELinux policy modules are a great avenue to customize your system. Maybe you should tell us what you are trying to achieve? --Stephen > -----Original Message----- > From: David Li [mailto:dlipubkey@xxxxxxxxx] > Sent: Friday, December 11, 2015 11:31 AM > To: Higgs, Stephen > Cc: selinux@xxxxxxxxxxxxx > Subject: Re: A newbie's question > > Hi Stephen, > > If I install my own ref policy RPM on the Centos7 box, would that > replace the existing or stock ref policy? > > David > > On Tue, Dec 8, 2015 at 10:48 AM, Higgs, Stephen <Stephen.Higgs@xxxxxxxx> > wrote: > >> -----Original Message----- > >> From: Selinux [mailto:selinux-bounces@xxxxxxxxxxxxx] On Behalf Of > >> David Li > >> Sent: Tuesday, December 08, 2015 1:29 PM > >> To: selinux@xxxxxxxxxxxxx > >> Subject: A newbie's question > >> > >> Hi, > >> > >> I thought I would post this question here in addition to the Fedora > >> list to get more help. > >> > >> ---- > >> > >> Maybe this is just for my own clarifications; I am about to start > >> SELinux learning and development. I have a stock Cento 7.1 install > >> and I am curious what''s difference between the following two: > >> > >> 1. Enable SElinux and setenforce 1 on the stock install > >> > >> vs. > >> > >> 2. Build a reference policy RPM and install it on the box. Then do > >> step > >> 1 as above. > >> > >> Are there any differences in terms of ref policy? Would step 1 also > >> have the ref policy enabled by default too? > >> > >> Thanks. > >> _______________________________________________ > >> Selinux mailing list > >> Selinux@xxxxxxxxxxxxx > >> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > >> To get help, send an email containing "help" to Selinux- > >> request@xxxxxxxxxxxxx. > > > > CentOS 7.1 has the reference policy installed, but there could be a > difference in version of the RPM reference policy and the version that > is current for 7.1. > > > > The seinfo command is one way to show what is currently installed. > > > > --Stephen > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
