policy packages
Jeremy Katz
katzj at redhat.com
Wed May 19 03:31:31 UTC 2004
On Tue, 2004-05-18 at 23:15 -0400, Daniel J Walsh wrote:
> Policy rename dilemma. I have a version of policy ready to go that
> supports both strict and targeted policy. The version I wrote creates
> targeted policy as policy and policy-sources and the strict as
> policy-strict and policy-strict-sources. The problem with this is that
> if I put it in Rawhide people upgrading will switch from strict policy
> to relaxed and require a relabel. If I change it to strict equals
> policy and policy-sources, with policy-targeted and
> policy-targeted-sources, than I am stuck with that even though
> policy-targeted will be the default in FC3, which seems wrong.
You could do policy-strict Obsoletes: policy < newver. Then if you do
an update with obsoletes/upgrade, you'll get policy-strict (and probably
newer now targeted policy too, but having that installed doesn't cause
problems) and the logic for what the various things
in /etc/sysconfig/selinux are can be basically
enabled ==> policy-strict
targeted ==> policy (the targeted version)
>From a packaging perspective, it should work. It's still a little
confusing. I'd actually probably change the default for strict to be
use strict instead of enabled and just have enabled for compatibility's
sake.
Jeremy
More information about the fedora-selinux-list
mailing list