"Could not change policy booleans"
Daniel J Walsh
dwalsh at redhat.com
Thu Jun 14 15:58:02 UTC 2007
Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Stephen Smalley wrote:
>>> On Wed, 2007-06-13 at 14:35 +0100, Paul Howarth wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>>>>> On Wed, 2007-06-13 at 10:00 +0100, Paul Howarth wrote:
>>>>>
>>>>>> Daniel J Walsh wrote:
>>>>>>
>>>>>>> Paul Howarth wrote:
>>>>>>>
>>>>>>>> Nils Caspar wrote:
>>>>>>>>
>>>>>>>>>> That should have been solved by an update to dbus in fc6 a
>>>>>>>>>> month ago.
>>>>>>>>>>
>>>>>>>>> What Fedora
>>>>>>>>>
>>>>>>>>>> release are you running? Are you completely updated?
>>>>>>>>>>
>>>>>>>>> I'm running a full updated fedora 7.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> That should have worked. That should be the correct syntax.
>>>>>>>>>> Was there
>>>>>>>>>>
>>>>>>>>> an avc
>>>>>>>>>
>>>>>>>>>> associated with trying to set this?
>>>>>>>>>>
>>>>>>>>> There was no other warning.
>>>>>>>>>
>>>>>>>>> I have the same problem in an other fedora 7 VM. Maybe it's a
>>>>>>>>> fedora 7
>>>>>>>>> bug... :(
>>>>>>>>>
>>>>>>>> I've just hit the same problem on a fresh Fedora 7 install,
>>>>>>>> with all released updates.
>>>>>>>>
>>>>>>>> Paul.
>>>>>>>>
>>>>>>>> --
>>>>>>>> fedora-selinux-list mailing list
>>>>>>>> fedora-selinux-list at redhat.com
>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>>>>>
>>>>>>> Does this fix the problem?
>>>>>>>
>>>>>>> restorecon -R -v /etc/selinux/targeted
>>>>>>>
>>>>>> No; there are no AVC denials in the audit log (at least not
>>>>>> relating to this...) so I don't think it's an SELinux permissions
>>>>>> issue.
>>>>>>
>>>>>> Updating to the latest selinux package updates from
>>>>>> updates-testing hasn't helped either.
>>>>>>
>>>>> Bug in setsebool (it is actually succeeding, but falling through
>>>>> to the
>>>>> error path and thus incorrectly saying that it failed, as a result
>>>>> of a
>>>>> "build fix"). Fixed in policycoreutils 2.0.21.
>>>>>
>>>> Ah, saves me having to put something in an initscript :-)
>>>>
>>>> FC7 has policycoreutils-2.0.16-5.fc7 (from updates-testing), which
>>>> seems a long way behind 2.0.21. Is a fix likely any time soon?
>>>>
>>>
>>> I sent Dan the patch separately as well, in case he wants to just apply
>>> it without updating otherwise.
>>>
>> Fixed in policycoreutils
>> <https://admin.fedoraproject.org/updates/policycoreutils>-2.0.16-6.fc7
>
> Thanks.
>
> On an unrelated issue, where does the version number in the
> selinux-policy package come from? Upstream seems to do date-based
> releases rather than version number-based. I ask because I need to
> update my policy module for mod_fcgid and I'll need different versions
> for F7 (using patterns) and older releases (using create_file_perms
> etc.).
>
> Paul.
It comes from me.
selinux-policy-2.3.4
Everytime I release My own modifications I increment the last digit,
everytime I merge with upstream I update the middle number, and reset
the last digit to 1. Everytime there is a major change to policy
example-reference I increment the first. digit. If you do a
rpm -qi selinux-policy
It will show you the revision this policy is based off of.
BTW, I am working on merging strict and targeted policy in Rawhide
which will increment the major number. selinux-policy-3.0.1 will be
released soon.
More information about the fedora-selinux-list
mailing list