Stephen Smalley wrote:
On Wed, 2005-06-15 at 14:53 -0400, Security News wrote:
Sorry, in the first post I meant to say that I wanted to install the policycoreutils<version>.rpm (the devil really is in the details.)
--the reason for needing this rpm is that I am hoping to be able to install a custom policy and file-labelling without installing the source configuration files. This is just so that even a root user could be kept from editing my policy.conf files. I need the coreutils b/c if the source config files are not going to be present then neither is the Makefile, so I would need to use "fixfiles relabel" and "load_policy".
Unless, there is a better way to load and relabel when not installing the config source files.
I am hoping to have this installation be performed by someone else somewhere else, and to make the installation as mindless as possible for them.
policycoreutils is always needed for SELinux, so it should already be installed on the base FC3 systems running targeted policy. You would only need to install a different version of it if your strict policy relies on a newer base version of policycoreutils than the stock FC3 one (at which point you may want to check whether you also require a newer libsepol and libselinux as well).
Also fixfiles/restorecon/setfiles do not require policy sources to be installed. They use the file_context files in
/etc/selinux/TYPE/contexts/files/ directory.
Dan