On Sun, 7 Mar 2004 10:00, Josh Boyer <jwboyer(a)charter.net> wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> cd /etc/security/selinux/src/policy
> make
> make relabel
>
> Then reboot. That was a little while back, so the full yum upgrade might
> be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering
around with some .te files, i have always just done a 'make load' and
restarted the app and the changes take effect.
For such things I generally boot with "init=/bin/bash", mount the file
systems, /proc, /selinux, then do "make load ; make relabel" and then
"exec init".
For machines where I don't have console access (EG logging in by ssh) I just
run "make load ; make relabel", then restart all processes to get the right
context, starting with "telinit u" to restart init, "killall -9
mingetty",
using "runcon root:sysadm_r:sysadm_t /bin/bash" to get a shell in the right
context for restarting daemons, and then restarting sshd etc. This method
works well once you've had some practise, I've even upgraded machines to SE
Linux without being on the same continent.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page