[Fwd: Re: who provides /etc/sysconfig/selinux?]
Stephen Smalley
sds at epoch.ncsc.mil
Fri Jun 4 17:46:19 UTC 2004
On Fri, 2004-06-04 at 13:24, Daniel J Walsh wrote:
> Yes this is because you were running with strict policy before, so I
> expected you to run with strict policy afterwards. Yum update would
> have pulled both strict and targeted.
>
> So Initial install gets targeted, upgrade from FC2 with policy gets
> strict. The one hole in the strategy is upgrading a policy -> targeted
> without installing strict.
I'd suggest that each package (selinux-policy-strict,
selinux-policy-targeted) set the SELINUXTYPE to its own type (strict or
targeted) if it is not already set (or more simply, if
/etc/selinux/config does not exist at all). Wouldn't a yum update pull
in strict first, so this would still ensure preservation of strict
policy in that case?
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list