Odd boolean in /etc/selinux/strict/booleans?
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 31 13:11:28 UTC 2005
Ivan Gyurdiev wrote:
>On Thu, 2005-03-31 at 07:23 -0500, Ivan Gyurdiev wrote:
>
>
>>>How come it's disable_games in strict/booleans, but disable_games_trans in the
>>>policy?
>>>
>>>
>>disable_games_trans is correct, the file's probably out of date.
>>
>>How come some of those booleans are set to 0 by default - doesn't
>>that match the selinux policy? Is the booleans file supposed to
>>override the src defaults? If so, shouldn't there be only 1s in that
>>file (since the src defaults are all 0)?
>>
>>Also, the securitylevel app marks things "Changed" every time I toggle
>>them. It seems like it would be better if it marked thigs back to
>>"Unchanged" when I toggled them back, to prevent it from writing out
>>every random thing I toggle into booleans.local, whether or not I change
>>it back to where it was.
>>
>>Also, my old booleans file went to booleans.rpmsave. Does that mean that
>>my booleans will be reset upon reboot? If so, should the %post script do
>>something about that to address upgrade path from FC3->FC4?
>>
>>
>
>Also, should the post script remove nonexistent booleans from
>booleans.local upon upgrade?
>
>
>
We could make the setsebool smarter to handle this. But currently all
post is doing is looking for an rpmsave file since booleans will now be
replaced,
and renaming it to local iff local did not already exist.
setsebool now will only modify the specified boolean in the
booleans.local file.
Dan
--
More information about the fedora-selinux-list
mailing list