libselinux should not require libsetrans
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 14 18:21:03 UTC 2005
Stephen Smalley wrote:
>Hi,
>
>In the current Fedora spec file, libselinux has libsetrans as a prereq,
>thereby pulling it in on libselinux updates for all users regardless of
>policy. However, libsetrans presumes that MCS is enabled and always
>appends :s0 to contexts when converting to raw format if they lack it.
>This breaks (for example) a system running strict policy, as libselinux
>then starts using the MCS-specific libsetrans and it starts
>appending :so to raw contexts, but the kernel then rejects those
>contexts since it does not have a MLS-enabled policy.
>
>libsetrans is supposed to be optional, with libselinux gracefully
>falling back to no translation if it is absent. I can possibly see
>making it a dependency of MCS-enabled targeted policy packages, but not
>of libselinux. Yes?
>
>
>
Yes for now you can just disable the translation. Edit /etc/mcs.conf
and unconmment disable line. MCS Targeted policy will be available by
default in tonights rawhide.
--
More information about the fedora-selinux-list
mailing list