What do the RH folk recommend?
* Install FC2T1 and then "yum upgrade"? * Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
Not to sound like an ass, but I can see this list getting outta control, so just to clarify, this is for selinux related items as it pertains to fedora, right?
Dan
Quoting Dax Kelson dax@gurulabs.com:
What do the RH folk recommend?
- Install FC2T1 and then "yum upgrade"?
- Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
On Sat, 2004-03-06 at 12:56, Daniel Wittenberg wrote:
Not to sound like an ass, but I can see this list getting outta control, so just to clarify, this is for selinux related items as it pertains to fedora, right?
Dan
Hi Dan were you meaning to respond to my question, or start a new thread with a new subject?
My question was about a on-topic for the list as it gets.
Dax
On Sat, 6 Mar 2004, Dax Kelson wrote:
What do the RH folk recommend?
- Install FC2T1 and then "yum upgrade"?
- Perform a rawhide install?
Are there any "manual" steps required?
What I've done is start with FC2T1, then yum upgrade policy-sources, policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot into single user mode, then:
cd /etc/security/selinux/src/policy make make relabel
Then reboot. That was a little while back, so the full yum upgrade might be a good idea too.
- James
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
Then reboot. That was a little while back, so the full yum upgrade might be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering around with some .te files, i have always just done a 'make load' and restarted the app and the changes take effect.
josh
On Sat, 6 Mar 2004, Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
Then reboot. That was a little while back, so the full yum upgrade might be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering around with some .te files, i have always just done a 'make load' and restarted the app and the changes take effect.
That should be fine.
I rebooted after doing the initial filesystem labeling in single user mode (which was recommded to my by Dan Walsh).
- Jame
On Sun, 7 Mar 2004 10:00, Josh Boyer jwboyer@charter.net wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
Then reboot. That was a little while back, so the full yum upgrade might be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering around with some .te files, i have always just done a 'make load' and restarted the app and the changes take effect.
For such things I generally boot with "init=/bin/bash", mount the file systems, /proc, /selinux, then do "make load ; make relabel" and then "exec init".
For machines where I don't have console access (EG logging in by ssh) I just run "make load ; make relabel", then restart all processes to get the right context, starting with "telinit u" to restart init, "killall -9 mingetty", using "runcon root:sysadm_r:sysadm_t /bin/bash" to get a shell in the right context for restarting daemons, and then restarting sshd etc. This method works well once you've had some practise, I've even upgraded machines to SE Linux without being on the same continent.
Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
Then reboot. That was a little while back, so the full yum upgrade might be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering around with some .te files, i have always just done a 'make load' and restarted the app and the changes take effect.
Make load will recompile the policy file, where reboot will only load the existing policy file.
josh
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Mon, 2004-03-08 at 14:40 -0500, Daniel J Walsh wrote:
Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
I have no makefile here... what package/action am I missing?
TIA, Rui
On Mon, 8 Mar 2004, Rui Miguel Seabra wrote:
On Mon, 2004-03-08 at 14:40 -0500, Daniel J Walsh wrote:
Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy make make relabel
I have no makefile here... what package/action am I missing?
policy-sources
On 06.03.2004 13:59, James Morris wrote:
What I've done is start with FC2T1, then yum upgrade policy-sources, policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot into single user mode, then:
cd /etc/security/selinux/src/policy make make relabel
Is policy-sources really necessary (if I just want to test the standard default policies)? What I did is installed policycoreutils and policy, and run
/usr/sbin/setfiles /etc/security/selinux/file_contexts / /usr/sbin/load_policy /etc/security/selinux/policy.15
and rebooted. Would the above have the same effect as using policy-sources?
Aleksey Nogin wrote:
On 06.03.2004 13:59, James Morris wrote:
What I've done is start with FC2T1, then yum upgrade policy-sources, policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot into single user mode, then:
cd /etc/security/selinux/src/policy make make relabel
Is policy-sources really necessary (if I just want to test the standard default policies)? What I did is installed policycoreutils and policy, and run
/usr/sbin/setfiles /etc/security/selinux/file_contexts /
You want to run setfiles on all ext3 file systems setfiles /etc/security/selinux/file_contexts `mount | awk '/(ext[23]| xfs).*rw/{print $$3}'`
/usr/sbin/load_policy /etc/security/selinux/policy.15
and rebooted. Would the above have the same effect as using policy-sources?
Dax Kelson wrote:
What do the RH folk recommend?
- Install FC2T1 and then "yum upgrade"?
- Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
Rawhide install. The installer is supposed to set the file context.
If you do it the other way you need to do a make relabel from the source policy.
Dan
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org