Installing new policy?
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 9 14:56:43 UTC 2004
Russell Coker wrote:
>On Tue, 9 Mar 2004 04:53, Tom Mitchell <mitch48 at yahoo.com> wrote:
>
>
>>If you're pushing new policy that actually fixes bugs will it break site
>>policy? I would be unhappy if my co-lo box had this line changed. ;-)
>> # uncomment to allow ssh logins as sysadm_r:sysadm_t
>> define(`ssh_sysadm_login')
>>
>>
>
>This is a difficult issue. For Debian I have it ask a heap of questions at
>policy upgrade time about replacing policy files, but lots of people seem to
>dislike that.
>
>One possibility is to replace files that have not been changed. However that
>means that if a macro changes without the calling code changing then it could
>break policy compiles.
>
>
RPM should leave the tunable.te file and create a tunable.te.rpmnew file.
More information about the fedora-selinux-list
mailing list