rawhide install troubles

Karl MacMillan kmacmillan at tresys.com
Thu Jan 29 22:06:28 UTC 2004


On Thu, 2004-01-29 at 16:38, Jeremy Katz wrote:
> On Thu, 2004-01-29 at 16:26 -0500, Karl MacMillan wrote:
> > On Thu, 2004-01-29 at 16:15, Jeremy Katz wrote:
> > > On Thu, 2004-01-29 at 01:14 -0800, Gary Peck wrote:
> > > > - the SELinux policy package doesn't get pulled in by anything when
> > > >   doing an upgrade. maybe something can depend on it? or maybe this
> > > >   should just go in the "unsupported" category.
> > > 
> > > This is a good thing, IMHO.  Enabling it on an upgrade is going to
> > > require some manual changes and thus I don't think that it should get
> > > pulled in on an upgrade.
> >
> > What kind of manual changes do you mean? Building the policy,
> > relabeling, loading the policy?
> 
> Relabeling mostly.  You won't be able to do that in a single step
> because running in a 2.4 kernel, security xattrs won't be able to be set
> on files.

You mean a 2.4 kernel without SELinux support I assume. At some point in
the past I thought that you could set the security labels even on
non-SELinux kernels. If you can't, any upgrading/installing of rpms will
be a problem because I thought rpm was setting the labels directly.

Additionally, what is the planned mechanism for updating the policy for
a specific application? Assuming that policy is bundled in the rpm with
the package, if the policy changes in a way that requires relabeling
will rpm set the labels on the files owned by that rpm? What about files
labeled as a result of type transition rules? I think that these are
some hard problems and I'm interested in how they are being handled.

>   And having policy load without a labeled filesystem is ...
> interesting :-)

Especially in enforcing mode.

Karl

> Cheers,
> 
> Jeremy
-- 
Karl MacMillan
Tresys Technology
kmacmillan at tresys.com
http://www.tresys.com
(410) 290-1411 x134




