On Mon, 2004-07-12 at 10:46, Tom London wrote:
Thanks.
I have 3 systems: one running 'stock' FC2, the other 2
running off the development and Arjan's tree.
I'll try the 'yum update' on the stock system.
As I mentioned, you want to use 'yum upgrade' to get it to pull in
selinux-policy-strict, I think. 'yum update' doesn't seem to replace
'policy' with 'selinux-policy-strict'.
I'm assuming (hoping?) that the 'bleeding edge'
systems will just update (i.e., 'yum update')
smoothly..... (they've already lost the '2'
from the login splash screen, and yum.conf
has been updated to point only at the
development tree).
I expect so. I have several machines running off of the development
tree, with one using targeted policy and the rest using strict policy.
FC2T1 clean install had issues with
SELinux installs (home directories not properly
labeled, ...). The bugzilla entry for this
(
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123856)
is not closed....
Has this been fixed? Need testing?
I don't know; there are file_type_auto_trans() rules in firstboot.te for
user home directories, but I'm not clear as to whether all issues have
been resolved. useradd really needs a bit of SELinux awareness, IMHO.
And I seem to recall /etc/passwd and /etc/group being re-written into
the wrong type by firstboot as well during FC2 installs.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency