Best way to get started?

Russell Coker russell at coker.com.au
Sun Mar 7 04:05:27 UTC 2004


On Sun, 7 Mar 2004 10:00, Josh Boyer <jwboyer at charter.net> wrote:
> On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> >   cd /etc/security/selinux/src/policy
> >   make
> >   make relabel
> >
> > Then reboot.  That was a little while back, so the full yum upgrade might
> > be a good idea too.
>
> what does the reboot do that 'make load' doesn't?  so far when tinkering
> around with some .te files, i have always just done a 'make load' and
> restarted the app and the changes take effect.

For such things I generally boot with "init=/bin/bash", mount the file 
systems, /proc, /selinux, then do "make load ; make relabel" and then
"exec init".

For machines where I don't have console access (e.g. logging in by ssh) I just 
run "make load ; make relabel", then restart all processes to get the right 
context, starting with "telinit u" to restart init, "killall -9 mingetty", 
using "runcon root:sysadm_r:sysadm_t /bin/bash" to get a shell in the right 
context for restarting daemons, and then restarting sshd etc.  This method 
works well once you've had some practice, I've even upgraded machines to SE 
Linux without being on the same continent.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
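
A check to run after the remote procedure in the message above, as an added example that is not part of the original post: it lists processes that were not restarted and so still run in a context other than the expected one. The function names, the command-to-type table and the sample `ps -eZ` output are assumptions constructed for illustration; adjust the table to the policy actually loaded.

```shell
#!/bin/sh
# Added example. Reads `ps -eZ` style lines (LABEL PID TTY TIME CMD) on stdin
# and prints every process whose domain type differs from the expected one.
# The command-to-type table is an assumption; adjust it to the loaded policy.
EXPECTED_TYPES='init=init_t sshd=sshd_t mingetty=getty_t syslogd=syslogd_t'

check_contexts() {
    awk -v map="$EXPECTED_TYPES" '
    BEGIN {
        n = split(map, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            want[kv[1]] = kv[2]
        }
    }
    $1 == "LABEL" { next }            # skip the ps header line
    NF >= 5 {
        split($1, ctx, ":")           # user:role:type, optional level ignored
        cmd = $NF
        if ((cmd in want) && ctx[3] != want[cmd])
            printf "%s %s is %s, expected %s\n", $2, cmd, ctx[3], want[cmd]
    }'
}

# Constructed sample: init and one mingetty were restarted after
# "make load ; make relabel", sshd and syslogd were not. kernel_t stands in
# for whatever context a process kept from before the restart (assumption).
sample_ps() {
    cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
system_u:system_r:kernel_t        412 ?        00:00:00 syslogd
system_u:system_r:kernel_t        530 ?        00:00:00 sshd
system_u:system_r:getty_t         611 tty1     00:00:00 mingetty
system_u:system_r:kernel_t        612 tty2     00:00:00 mingetty
root:sysadm_r:sysadm_t            700 pts/0    00:00:00 bash
EOF
}

# On a live system: ps -eZ | check_contexts
sample_ps | check_contexts
```

An empty result means every process named in the table is running in its expected domain.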



