How to properly upgrade policy
Ivan Gyurdiev
ivg2 at cornell.edu
Thu Jun 24 21:00:34 UTC 2004
On Thu, 2004-06-24 at 16:45 -0400, Stephen Smalley wrote:
> On Thu, 2004-06-24 at 16:21, Ivan Gyurdiev wrote:
> > What's the proper way to upgrade the selinux policy?
> >
> > yum and rpm leave me with .rpmnew files every single time.
>
> This suggests that you installed the policy source package as well, or
> locally modified your policy directly. If you install or update the
> policy source package (selinux-policy-strict-sources), then it should
> rebuild the policy files from source and load the new ones automatically
> as part of the %post. Updating the policy package
> (selinux-policy-strict) will then leave you with .rpmnew files because
> it sees that the files have been locally rebuilt.
Yes, I have the sources package instaled - I need it to make relabel
don't I? Since I upgrade through yum, and rawhide updates the sources
package with the other one, I always update them together. However, the
resulting files are not the same - file_contexts and file_contexts.
rpmnew are different, and the binary policy differs too.
> > Do I need to run make relabel?
> >
> > ______________________________________________________________________
> It is generally safest to do so, but often unnecessary (only if there is
> a relevant change to file_contexts that affects you). Relabeling is not
> presently automatically performed upon a policy update.
Are there plans to change that?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040624/9258b086/attachment.sig>
More information about the fedora-selinux-list
mailing list