After applying :
The system could no longer run up2date.
Could not set exec context to root:sysadm_r:rpm_t.
An addition to rpm.te of:
role system_r types rpm_t;
And a remake, didn't seem to catch the change in
rpm.te, as it didn't show the files compiled into
the version , as the remake ran... ????
Adding the same line to unconfined.te
alerted the selinux equivalent to .deps,
and all files were recompiled,
and the new policy loaded.
It is now in the policy.conf file, but near the beginning.
However, still no go....
"Could not set exec context to root:sysadm_r:rpm_t."
the same error.
Finally, adding the line
-directly- near the end of policy.conf, worked.
(line 126,102 near the samba section)
It is cheap work around, but it re-enables system
user root to run up2date.
I wonder what it is colliding with ?
YMMV, and always willing to listen to suggestions.
fedora-selinux-list mailing list