up2date, Large Medium and small updates....
Stephen C. Tweedie
sct at redhat.com
Wed Mar 10 11:37:53 UTC 2004
Hi,
On Wed, 2004-03-10 at 01:40, Tom Mitchell wrote:
> The more general question is that for Large Medium and small updates....
> there may always be a question when one or more "makes" in the policy
> area will be needed. Is there a good way to check... will make
> check-all do the right thing?
>
> cd /etc/security/selinux/src/policy
> make ????? # lots of choices...
> make relabel # necessary? when and how to check ...
>
> Is it necessary/useful to do stuff like this before or after a reboot?
It shouldn't be necessary. But if there's something wrong ---
unexpected actions in a %post script, the rpm was built from the wrong
policy's file context list --- it might be. I've added a new target in
my own policy makefile:
checklabels: $(FC) $(SETFILES)
$(SETFILES) -v $(FC) `mount | awk '/(ext[23]| xfs).*rw/{print $$3}'`
which passes the "-v" option to setfiles so that in addition to fixing
labels, it logs those inodes with the wrong labels.
--Stephen
More information about the fedora-selinux-list
mailing list