-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/03/2011 03:25 PM, Mr Dash Four wrote:
> > Might have been some merge issue with upstream policy.
> >
> > I think Fedora and refpolicy implement configfile each in a different
> > way, this may (or may not) cause confusion when Fedora merges upstream
> > refpolicy in its branch.
> >
> I am annoyed because I do not want to be dealing with issues which were
> 'resolved' nearly a year ago just to resurface again when I try to upgrade.

Yes, but this may just be an isolated incident. We are still only human,
plus some things changed in the way policy is maintained (moved to git/
new maintainer).

> Anyway, I backed out of this upgrade because as it turns out there are
> also quite a few issues with compiling the kernel as well, so I may as
> well just wait until FC15 comes around - I do not normally follow even
> number Fedora upgrades, but do not know what possessed me over the xmas
> period to go for this upgrade...

SELinux related issues? Can you be more specific?

> > In my view allowing iptables to read all config files is sub-optimal.
> >
> > I would probably just allow:
> >
> > shorewall_read_config(iptables)
> >
> I did that as a temporary measure (added optional_policy statement with
> shorewall_read_config) to see if it is going to cure the problem - it
> did, though, as you put it above, it is not ideal.

shorewall_read_config IS ideal in my view. (unlike what Fedora
previously may have implemented)

I think it's probably best to just report this issue to
bugzilla.redhat.com/f14/selinux-policy so that it can be fixed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0h3jsACgkQMlxVo39jgT+KtwCfQmzzH7PcrzSkRNHI+UP4WL0Q
r1UAoIS426C23A/oMoyzXwLtYEv1zEaN
=lOVU
-----END PGP SIGNATURE-----