How to properly upgrade policy
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Jun 25 16:44:45 UTC 2004
On Fri, 25 Jun 2004 10:28:57 CDT, Bob Gustafson <bobgus at rcn.com> said:
> However, looking my output from fixfiles, it seems as though there are
> gross changes in policy that are occasionally occuring during this
> development phase (object_r -> system_r).
>
> It would be nice to get some sort of indication that a fixfiles run would
> be helpful when these gross changes occur.
In the generalized case, how would it know? (I mean, other than the already
mentioned 'fixfiles -n -v -o' and look at the logfile and restorecon)?
(Personally, I think a nightly cron job that does something like:
fixfiles -n -v -o /var/tmp/whatever; mail -s "Incorrect contexts" root < /var/tmp/whatever
is The Right Behavior. I owe whoever thought of it a beer :)
Right now, *my* single biggest mangler of contexts is all the local and 3rd-party
stuff that gets into system directories via 'make install' rather than via RPM
(so far this morning, I've already had one package that I did a 'cvs update'
and then 'make/make install', and since it supports plugins, the following
clean-up relabeled about 30 *.so files to shlib_t....
See above-mentioned Right Behavior, and guess who doesn't always remember
to run fixfiles after a 'make install' and needs to be nagged. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040625/555d4521/attachment.sig>
More information about the fedora-selinux-list
mailing list