SElinux on upgraded machines
Bruno Wolff III
bruno at wolff.to
Mon Dec 15 14:47:05 UTC 2008
On Mon, Dec 15, 2008 at 09:31:24 -0500,
Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> How about something like
>
> semanage fcontext -C -l -F saved_local_changes
> semanage fcontext -a -F saved_local_changes
> There was some experimental work done using globs instead of Regular
> Expressions by TreSys (Fglob?), but I have not heard anything about it
> recently.
That would be nice. I think that way you could actually come up with a
reasonable way to make rules order independent. There would probably still be
some tricky aspects, but getting rid of ordering would make things a lot less
error prone. The trade off might be having to repeat similar rules in multiple
places. It shouldn't even be that hard to test this as, turning the latter
into the former with a program shouldn't be that hard. (Note I am currently
working on reviving the games spin for F11 and am not volunteering to try
doing this at this time.)
More information about the fedora-test-list
mailing list