Installing the new policy

Stephen Smalley sds at epoch.ncsc.mil
Wed Jun 2 16:32:01 UTC 2004


On Sat, 2004-05-29 at 15:49, Bob Gustafson wrote:
> I wonder if the main problem is a missing /etc/selinux/config file which
> probably tells pieces of the system which of the policy-strict, etc. files
> to use (??)

Yes, you need to create it manually at present, I think.  It replaces
/etc/sysconfig/selinux (so you still need a SELINUX=enforcing line) and
adds a SELINUXTYPE= definition to indicate the active policy (e.g.
strict or targeted).

> I updated my system and did a 'yum install policy\*` (maybe also
> selinux-policy\* too)

You need an updated libselinux, policycoreutils, and SysVinit in
addition to selinux-policy-strict or selinux-policy-targeted.  And you
need to relabel to get the right types on the /etc/selinux tree.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list