1:31 p.m.
What do the RH folk recommend?
* Install FC2T1 and then "yum upgrade"?
* Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
1:56 p.m.
Not to sound like an ass, but I can see this list getting outta control, so just
to clarify, this is for selinux related items as it pertains to fedora, right?
Dan
Quoting Dax Kelson <dax(a)gurulabs.com>:
What do the RH folk recommend?
* Install FC2T1 and then "yum upgrade"?
* Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
4:06 p.m.
On Sat, 2004-03-06 at 12:56, Daniel Wittenberg wrote:
Not to sound like an ass, but I can see this list getting outta
control, so just
to clarify, this is for selinux related items as it pertains to fedora, right?
Dan
Hi Dan were you meaning to respond to my question, or start a new thread
with a new subject?
My question was about a on-topic for the list as it gets.
Dax
3:59 p.m.
On Sat, 6 Mar 2004, Dax Kelson wrote:
What do the RH folk recommend?
* Install FC2T1 and then "yum upgrade"?
* Perform a rawhide install?
Are there any "manual" steps required?
What I've done is start with FC2T1, then yum upgrade policy-sources,
policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot into
single user mode, then:
cd /etc/security/selinux/src/policy
make
make relabel
Then reboot. That was a little while back, so the full yum upgrade might
be a good idea too.
- James
--
James Morris
<jmorris(a)redhat.com>
5 p.m.
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
cd /etc/security/selinux/src/policy
make
make relabel
Then reboot. That was a little while back, so the full yum upgrade might
be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering
around with some .te files, i have always just done a 'make load' and
restarted the app and the changes take effect.
josh
5:51 p.m.
On Sat, 6 Mar 2004, Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> cd /etc/security/selinux/src/policy
> make
> make relabel
>
> Then reboot. That was a little while back, so the full yum upgrade might
> be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering
around with some .te files, i have always just done a 'make load' and
restarted the app and the changes take effect.
That should be fine.
I rebooted after doing the initial filesystem labeling in single user mode
(which was recommded to my by Dan Walsh).
- Jame
--
James Morris
<jmorris(a)redhat.com>
10:05 p.m.
On Sun, 7 Mar 2004 10:00, Josh Boyer <jwboyer(a)charter.net> wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> cd /etc/security/selinux/src/policy
> make
> make relabel
>
> Then reboot. That was a little while back, so the full yum upgrade might
> be a good idea too.
what does the reboot do that 'make load' doesn't? so far when tinkering
around with some .te files, i have always just done a 'make load' and
restarted the app and the changes take effect.
For such things I generally boot with "init=/bin/bash", mount the file
systems, /proc, /selinux, then do "make load ; make relabel" and then
"exec init".
For machines where I don't have console access (EG logging in by ssh) I just
run "make load ; make relabel", then restart all processes to get the right
context, starting with "telinit u" to restart init, "killall -9
mingetty",
using "runcon root:sysadm_r:sysadm_t /bin/bash" to get a shell in the right
context for restarting daemons, and then restarting sshd etc. This method
works well once you've had some practise, I've even upgraded machines to SE
Linux without being on the same continent.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
1:40 p.m.
Josh Boyer wrote:
On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> cd /etc/security/selinux/src/policy
> make
> make relabel
>
>Then reboot. That was a little while back, so the full yum upgrade might
>be a good idea too.
>
>
what does the reboot do that 'make load' doesn't? so far when tinkering
around with some .te files, i have always just done a 'make load' and
restarted the app and the changes take effect.
Make load will recompile the policy file, where reboot will only load
the existing policy file.
josh
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
1:39 p.m.
On Mon, 2004-03-08 at 14:40 -0500, Daniel J Walsh wrote:
Josh Boyer wrote:
>On Saturday 06 March 2004 03:59 pm, James Morris wrote:
>> cd /etc/security/selinux/src/policy
>> make
>> make relabel
I have no makefile here... what package/action am I missing?
TIA, Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
2:23 p.m.
On Mon, 8 Mar 2004, Rui Miguel Seabra wrote:
On Mon, 2004-03-08 at 14:40 -0500, Daniel J Walsh wrote:
> Josh Boyer wrote:
> >On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> >> cd /etc/security/selinux/src/policy
> >> make
> >> make relabel
I have no makefile here... what package/action am I missing?
policy-sources
--
James Morris
<jmorris(a)redhat.com>
7:14 p.m.
On 06.03.2004 13:59, James Morris wrote:
What I've done is start with FC2T1, then yum upgrade
policy-sources,
policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot into
single user mode, then:
cd /etc/security/selinux/src/policy
make
make relabel
Is policy-sources really necessary (if I just want to test the standard
default policies)? What I did is installed policycoreutils and policy,
and run
/usr/sbin/setfiles /etc/security/selinux/file_contexts /
/usr/sbin/load_policy /etc/security/selinux/policy.15
and rebooted. Would the above have the same effect as using policy-sources?
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin(a)cs.caltech.edu (office), aleksey(a)nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
9:17 a.m.
Aleksey Nogin wrote:
On 06.03.2004 13:59, James Morris wrote:
> What I've done is start with FC2T1, then yum upgrade policy-sources,
> policycoreutils, checkpolicy, libselinux, libselinux-devel. Boot
> into single user mode, then:
>
>
> cd /etc/security/selinux/src/policy
> make
> make relabel
>
Is policy-sources really necessary (if I just want to test the
standard default policies)? What I did is installed policycoreutils
and policy, and run
/usr/sbin/setfiles /etc/security/selinux/file_contexts /
You want to run setfiles on all ext3 file systems
setfiles /etc/security/selinux/file_contexts `mount | awk '/(ext[23]|
xfs).*rw/{print $$3}'`
/usr/sbin/load_policy /etc/security/selinux/policy.15
and rebooted. Would the above have the same effect as using
policy-sources?
1:37 p.m.
Dax Kelson wrote:
What do the RH folk recommend?
* Install FC2T1 and then "yum upgrade"?
* Perform a rawhide install?
Are there any "manual" steps required?
Dax Kelson
Rawhide install. The installer is supposed to set the file context.
If you do it the other way you need to do a make relabel from the source
policy.
Dan
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
7362
days inactive
7365
days old
selinux@lists.fedoraproject.org
12 comments
8 participants
participants (8)
-
Aleksey Nogin -
Daniel J Walsh -
Daniel Wittenberg -
Dax Kelson -
James Morris -
Josh Boyer -
Rui Miguel Silva Seabra -
Russell Coker