On 03/05/2010 02:53 PM, Stephen Smalley wrote:
On Fri, 2010-03-05 at 10:09 +0100, Dominick Grift wrote:
> On 03/05/2010 04:29 AM, Robert Nichols wrote:
>> And, it appears that I have to remember to re-install all local policy
>> modules every time there is a policy update, right?? :-((
>
> Not in all cases but in the case where user domains are involved that
> may be true. semodule -B may also do the trick.
What's an example where that is required, and why?
Well i dont remember exactly but i use to have a custom user domain, and
when fedora's selinux-policy had an update that affected interfaces in
the userdomain, that my custom user domain calls. Then this change would
not reflect in my custom user domain.
I had to reinstall my custom user domain after fedora selinux policy
updates that made relevant changes to the userdomain.
I think the explanation was that its works like static libraries and not
like dynamic libraries.
Unfortunately my memory might be wrong. Also i cannot find the
particular discussion i had with dwalsh about the issue on the mail
lists on short notice.
Also i do not know whether this is even related to this issue.