Tony Nelson wrote:
At 2:48 PM -0400 8/8/06, Daniel J Walsh wrote:
...
> Try to run the update in permissive mode.
>
> setenforce 0
> semodule -b /usr/share/selinux/targeted/base.pp
> setenforce 1
>
> There is a Chicken and Egg situation with the netfiler_contexts problem
> above, which is not allowing
> to update policy rules with the proper allows to eliminate this problem.
>
...
Would it be reasonable for SELinux policy update rpm post-install scripts
to do "setenforce 0" before updating (and restore the state after)?
No, this would shut down your security during the update, Probably not
a good idea.
We just need to fix our bugs. :^(
____________________________________________________________________
TonyN.:' <mailto:tonynelson@georgeanelson.com>
' <
http://www.georgeanelson.com/>
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list