Running a script from Samba

[Aleksander Adamowski]

Aleksander Adamowski wrote:
>
> I've figured out that indeed my unloading of unconfined.pp was causing 
> the problem with loading the base policy. However, copying 
> /usr/share/selinux/targeted/unconfined.pp manually to 
> /etc/selinux/targeted/modules/active/modules has allowed me to load 
> the new base.pp.
The problem with the solution is that now I cannot "semodule -r 
unconfined" like Dan has advised for Fedora 8.
On Fedora 9 this results in this error:

# semodule -r unconfined
libsepol.context_from_record: type samba_unconfined_script_exec_t is not 
defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert 
system_u:object_r:samba_unconfined_script_exec_t:s0 to sid
invalid context system_u:object_r:samba_unconfined_script_exec_t:s0

Has the procedure of removing the "unconfined" module been superseded by 
something else in Fedora 9?

BTW, this is probably a question to Dan: is there any single place with 
documentation about all the changes in the SELinux policy and procedures 
relating to its customisation between Fedora releases? There is no such 
information in Fedora's release notes (where any sane being would look 
for them first).

Currently with each Fedora Release there are numerous changes that break 
backward compatibility and significantly change the customisation 
procedures. However, I were able to find information about them only by 
scraping them from all around the web - from interviews with Dan Walsh, 
his LiveJournal blog, some random mailing list discussions, 
half-finished Fedora Wiki pages and so on. Am I missing something?
Is there a place where comprehensive documentation for all this lies?


-- 
Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl