How to properly upgrade policy
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jun 24 20:45:33 UTC 2004
On Thu, 2004-06-24 at 16:21, Ivan Gyurdiev wrote:
> What's the proper way to upgrade the selinux policy?
>
> yum and rpm leave me with .rpmnew files every single time.
This suggests that you installed the policy source package as well, or
locally modified your policy directly. If you install or update the
policy source package (selinux-policy-strict-sources), then it should
rebuild the policy files from source and load the new ones automatically
as part of the %post. Updating the policy package
(selinux-policy-strict) will then leave you with .rpmnew files because
it sees that the files have been locally rebuilt.
>I assume I'm supposed to manually overwrite the old ones. Is that so?
Or update policy sources to get them regenerated.
> Do I need to run make relabel?
>
> ______________________________________________________________________
It is generally safest to do so, but often unnecessary (only if there is
a relevant change to file_contexts that affects you). Relabeling is not
presently automatically performed upon a policy update.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list