[HEADS UP] SELinux policy store migration in Rawhide

Wed Jul 22 14:36:02 UTC 2015

On 07/16/2015 10:10 AM, Petr Lautrbach wrote:
> Hi everybody,
> 
> we will do an update of SELinux userspace tools
> to 2015-02-02 release and selinux-policy packages as it was proposed in
> "SELinux policy store migration" Fedora system wide change [1].

Hi all,
good news are here. Yesterday, we did rawhide and F23 builds for SELinux
userspace tools and SELinux policy containing all changes related to
"SELinux policy store migration" [1]. So now they are available from
rawhide and F23 repositories by default.

Together with that your help, questions, bugs and feedback will be
appreciated

Regards,
Miroslav

> 
> What does it mean for you:
> 
> 1. You use only Fedora default SELinux policy.
> 
> You shouldn't notice any change but some performance improvements during
> regular policy updates.
> 
> 2. You have local changes in policy like changed booleans, adjusted SELinux
> users, added or changed port or file contexts definitions made via
> "semanage" command.
> 
> You shouldn't notice any change. All local modifications should be handled
> by migration process during packages update.
> 
> You can backup your setting using the command below before the update
> will happen.
> 
> # semanage export -f semanage.mods
> 
> 3. You have your local SELinux policy modules
> 
> You shouldn't notice any change again. All modules should be migrated
> during selinux-policy update.
> 
> Some of modules could be incompatible with the new policy so they'll
> need to be migrated manually. If they are part of any Fedora package,
> we will help with the migration. Just file a bug to a component and
> add us do CC field.
> 
> We are ready to help with other modules or issues with migration on
> selinux at lists.fedoraproject.org mailing list.
> 
> 
> [1] https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
> 
> Petr
> 

-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.