policy sources disappearing?

Ivan Gyurdiev ivg2 at cornell.edu
Sun Nov 6 19:47:07 UTC 2005


Gene Czarcinski wrote:
> IIRC there was (at one time) a check box in system-config-security to force 
> autorelabel at the next reboot.  Since it is now not there I looked through 
> the rpm changelog to see why it was dropped ... I did not find an entry for 
> autorelabel but I did find:
>   
I don't know about this, but you can force an autorelabel by running: 
touch /.autorelabel.
> - Remove support for modifying tunables since policy source will be
>   disappearing in the future (#160896).
>
> I have browsed/searched the various selinux mailing lists and not found 
> anything which discussed this.  Can someone expand on what is going on and 
> how policy changes will be made in the future?
>   
I'm not aware of plans to remove the policy sources. You shouldn't need 
them to use selinux, however. Tunables are for making compile-time 
changes to policy, while booleans are for making runtime changes to 
policy. I suspect what happened here is that tunable support got 
dropped, but booleans will be kept. Tunables are things the package 
distributor might want to control, while booleans are for changes by the 
end user.
> Is this similar to the kernel source situation where we will need to install 
> the src rpm for selinux-policy to get at the sources?
>   
Sources are already in a separate package, and I think they would be 
required if you wanted to modify tunables - not the case for booleans.



