On Wed, 2004-12-29 at 21:42 -0500, Charles R. Anderson wrote:
I just yum updated, and got the latest testing kernel and policy
files:
Install: kernel.i686 0:2.6.9-1.715_FC3
Install: kernel-smp.i686 0:2.6.9-1.715_FC3
[...]
Update: selinux-policy-targeted.noarch 0:1.17.30-2.58
Update: selinux-policy-targeted-sources.noarch 0:1.17.30-2.58
[...]
Installing: kernel-smp 100 % done 1/160
warning: /etc/selinux/targeted/contexts/files/file_contexts created as
/etc/selinux/targeted/contexts/files/file_contexts.rpmnew
warning: /etc/selinux/targeted/policy/policy.18 created as
/etc/selinux/targeted/policy/policy.18.rpmnew
Updating: selinux-policy-targeted 100 % done 2/160
The FAQ says that the policy reloads automatically, and that a manual
relabel may be necessary. It doesn't say anything about fixing the
filenames that were named .rpmnew. How can the policy automatically
reload when the file isn't named correctly?
This can happen when you have selinux-policy-targeted-sources installed.
It's complicated to solve; I think we ended up deciding that if you have
-sources installed, it's up to you to do a policy rebuild for new
versions.
Since policy is tied to the kernel, what happens when I have more
than
one kernel installed, and I boot an older one from grub?
If you don't need to customize policy, deinstall the -sources package,
and move the .rpmnew files over the non-.rpmnew versions. Then this
problem goes away.
If you do need to customize policy, then you're probably best off
booting in non-enforcing mode after an update to test and ensure that
your changes work with the latest package. Keeping a custom policy is
nontrivial at the moment, and it's something I'd like to fix.