Stephen Smalley wrote:
On Wed, 2005-06-15 at 14:53 -0400, Security News wrote:
>Sorry, in the first post I meant to say that I wanted to install the
>policycoreutils<version>.rpm (the devil really is in the details.)
>
>--the reason for needing this rpm is that I am hoping to be able to
>install a custom policy and file-labelling without installing the
>source configuration files. This is just so that even a root user
>could be kept from editing my policy.conf files. I need the coreutils
>b/c if the source config files are not going to be present then
>neither is the Makefile, so I would need to use "fixfiles relabel" and
>"load_policy".
>
>Unless, there is a better way to load and relabel when not installing
>the config source files.
>
>I am hoping to have this installation be performed by someone else
>somewhere else, and to make the installation as mindless as possible
>for them.
>
>
policycoreutils is always needed for SELinux, so it should already be
installed on the base FC3 systems running targeted policy. You would
only need to install a different version of it if your strict policy
relies on a newer base version of policycoreutils than the stock FC3 one
(at which point you may want to check whether you also require a newer
libsepol and libselinux as well).
Also fixfiles/restorecon/setfiles do not require policy sources to be
installed. They use the file_context files in
/etc/selinux/TYPE/contexts/files/ directory.
Dan
--