SElinux on upgraded machines

Bruno Wolff III bruno at wolff.to
Mon Dec 15 14:17:47 UTC 2008


On Mon, Dec 15, 2008 at 09:05:42 -0500,
  Daniel J Walsh <dwalsh at redhat.com> wrote:
> > "semanage fcontext -C -l" will list your local changes. Unfortunately the
> > format of the output is not the same as the format for input. But if you
> > don't have too many changes it's not bad to do the set up again.
> > 
> What format would you like to see?  Patches accepted :^)

In theory something like the following would work:
semanage fcontext -C -l > saved_local_changes
And then on the other system to which the file has been copied:
sh saved_local_changes
would work and add the previous changes.

Actually I think the fcontext stuff could really use some tool in front of
it that works with directories and some limited set of file name patterns
rather than an ordered set of full regular expressions. The current system is
error prone and a pain to manage. If you need to add something in the middle,
you need to go back and delete stuff one by one, add the new rule and then
put the old ones back one by one. As far as I know there is no analysis
of conflicting rules (say where a more general pattern covers a preceding
more specific pattern) that should be flagged as potential errors.
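
The save-and-replay idea from the message above, as an added example that is not part of the original message or of policycoreutils. It assumes the listing layout and the single-letter -f codes of current semanage; fcontext_to_commands, sample_listing and the sample rules are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: convert "semanage fcontext -C -l" output into replayable
# "semanage fcontext -a" commands. Assumed layout per rule line:
#   <pattern>  <file type, one or two words>  <user:role:type:range>

fcontext_to_commands() {
    awk -v q="'" '
    BEGIN {
        # Listing file-type names -> semanage -f codes (assumed current tool)
        f["all files"] = "a"; f["regular file"] = "f"; f["directory"] = "d"
        f["character device"] = "c"; f["block device"] = "b"
        f["socket"] = "s"; f["symbolic link"] = "l"; f["named pipe"] = "p"
    }
    # Rule lines start with a path; header and blank lines are dropped.
    $1 !~ /^\// { next }
    {
        pat = $1; ctx = $NF; ftype = ""
        for (i = 2; i < NF; i++) ftype = ftype (i > 2 ? " " : "") $i
        n = split(ctx, part, ":")
        # The result is fed to sh as root, so refuse anything that cannot be
        # replayed safely: unknown file type, malformed context, a type with
        # shell metacharacters, or a pattern that would break the quoting.
        if (n < 3 || !(ftype in f) || part[3] !~ /^[A-Za-z0-9_]+$/ || index(pat, q)) {
            print "# skipped: " $0
            next
        }
        printf "semanage fcontext -a -f %s -t %s %s%s%s\n", f[ftype], part[3], q, pat, q
    }'
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
SELinux fcontext                                   type               Context

/srv/www(/.*)?                                     all files          system_u:object_r:httpd_sys_content_t:s0
/var/backup                                        directory          system_u:object_r:backup_store_t:s0
/opt/app/run.sock                                  socket             system_u:object_r:bad;type:s0
EOF
}

sample_listing | fcontext_to_commands
```

Lines the converter cannot replay safely come out as "# skipped:" comments, so the generated file can be reviewed before it is passed to sh.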




More information about the fedora-test-list mailing list