Today up2date found a very long list of package updates
on rawhide 500+ for me.
Since the box is a test box ... I let it.
I am curious if labels/attributes on all the new files
will be correct for SELinux after this and other up2date (rpm)
actions (excluding changes to /etc/security/selinux/src/policy/....).
The more general question is that for Large Medium and small updates....
there may always be a question when one or more "makes" in the policy
area will be needed. Is there a good way to check... will make
check-all do the right thing?
cd /etc/security/selinux/src/policy
make ????? # lots of choices...
make relabel # necessary? when and how to check ...
Is it necessary/useful to do stuff like this before or after a reboot?
Is there a difference from vanilla in how promptly a reboot and other
housecleaning for SELinux is needed? i.e. will audit go nuts...
Also I have taken to adding an alternate boot section in
/boot/grub/grub.conf. Is this useful, useless, sane, silly,
underkill, overkill. Thus...:
title Fedora Core (2.6.3-2.1.246)
root (hd0,0)
kernel /vmlinuz-2.6.3-2.1.246 ro root=LABEL=/
initrd /initrd-2.6.3-2.1.246.img
title Fedora Core NoSELinux (2.6.3-2.1.246)
root (hd0,0)
kernel /vmlinuz-2.6.3-2.1.246 ro root=LABEL=/ selinux=0
initrd /initrd-2.6.3-2.1.246.img
Hmmm... too many questions for one subject line...
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
mitch48-at-sbcglobal-dot-net