Installing new policy?
Tom Mitchell
mitch48 at sbcglobal.net
Mon Mar 8 08:05:25 UTC 2004
On Mon, Mar 08, 2004 at 02:20:36AM -0500, Bill Nottingham wrote:
> James Morris (jmorris at redhat.com) said:
> > > When new policy & policy-sources packages get downloaded and installed
> > > from development, do I need to do:
> > >
> > > cd /etc/security/selinux/src/policy
> > > make load
> > > make relabel
> > >
> >
> > Yes.
>
> Does this mean policy *never* gets updated on a new rpm install
> without manual intevention? This seems bad.
If I understand this...
In development cycles having the "current" best practice policy does make sense
for some, but not outside the context of "default policy development".
The more general procedure would be to
cd /etc/security/selinux/src/policy
# examine, compare with current, update for local needs, scratch, validate... then
# iff all is ok
make load
make relabel
In fact the "policy" on "policy updates" should be the most
constrained in the pile.
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
mitch48-at-sbcglobal-dot-net
More information about the fedora-selinux-list
mailing list