Re: New policies installed. Minor problem & change(?)
On Wed, 2004-06-02 at 13:55, Tom London wrote:
('fixfiles relabel/check' now fails if run in enforcing mode
('Permission denied' for file_contexts). Works if you 'setenforce 0'
first. Did I miss a change?)
No, this is a bug in the policy; setfiles_t needs r_dir_file(setfiles_t,
file_context_t).
2). Also, there now is a complete absence of 'avc' messages
in
/var/log/messages. Is this expected?
No. Auditing disabled in latest kernel for some reason.
3). I checked the scripts on the policy rpms and it looks like the
reference to 'POLICYTYPE' is gone (replaced with 'SELINUXTYPE'). Is it
safe to remove the 'POLICYTYPE=strict' line from /etc/sysconfig/selinux
and from /etc/selinux/config? Can I safely remove one file?
Yes, and only /etc/selinux/config should be used now.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency