rpm -V selinux-policy-targeted
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 24 16:40:11 UTC 2004
Joe Orton wrote:
>On Wed, Nov 24, 2004 at 10:05:55AM -0500, Daniel J Walsh wrote:
>
>
>>Joe Orton wrote:
>>
>>
>...
>
>
>>>..5....T. c /etc/selinux/targeted/policy/policy.18
>>>
>>>Since policy/policy.18 is marked %config(noreplace) the new policy.18
>>>file is installed as policy.18.rpmnew and hence it seems manual
>>>intervention is needed to load the new policy, it's not a simple rpm -U
>>>or up2date run away - is this desirable?
>>>
>>>
>>This means that you modified the file_context/policy.18 file by using
>>selinux-policy-targeted-sources file.
>>The upgrade of selinux-policy-targeted-sources should do a make reload
>>when it completes, causing the policy.18 and file_contexts file
>>to be replaced. This way if you made local changes they will be
>>maintained. (There was/is a bug with the moving of the /usr/bin files
>>to /usr/sbin that is causing certain *sources rpms not to do a make load.
>>
>>
>
>No, I didn't make any local changes, I haven't touched the files, this
>was on a fresh kickstart. Ah, it looks like the %post script for
>selinux-policy-targeted-sources will reload the policy the first time
>it's installed too, i.e. by anaconda. So it's doomed from the out.
>
>That could be changed to really only happen on upgrades, but I'd
>question whether -sources should automatically reload the policy at all.
>Getting so easily into a state where "up2date selinux-targeted-policy"
>doesn't automatically apply policy updates (given no local modifications
>to the sources) is bad.
>
>
>
Ok we can turn off automatic update of policy from
selinux-policy-*sources, but then
the user will need to manually update the policy if he has manipulated it.
>joe
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
More information about the fedora-selinux-list
mailing list