[HEADS UP] SELinux policy store migration in Rawhide
Miroslav Grepl
mgrepl at redhat.com
Wed Jul 22 14:36:02 UTC 2015
On 07/16/2015 10:10 AM, Petr Lautrbach wrote:
> Hi everybody,
>
> we will do an update of SELinux userspace tools
> to 2015-02-02 release and selinux-policy packages as it was proposed in
> "SELinux policy store migration" Fedora system wide change [1].
Hi all,
good news are here. Yesterday, we did rawhide and F23 builds for SELinux
userspace tools and SELinux policy containing all changes related to
"SELinux policy store migration" [1]. So now they are available from
rawhide and F23 repositories by default.
Together with that your help, questions, bugs and feedback will be
appreciated
Regards,
Miroslav
>
> What does it mean for you:
>
> 1. You use only Fedora default SELinux policy.
>
> You shouldn't notice any change but some performance improvements during
> regular policy updates.
>
> 2. You have local changes in policy like changed booleans, adjusted SELinux
> users, added or changed port or file contexts definitions made via
> "semanage" command.
>
> You shouldn't notice any change. All local modifications should be handled
> by migration process during packages update.
>
> You can backup your setting using the command below before the update
> will happen.
>
> # semanage export -f semanage.mods
>
> 3. You have your local SELinux policy modules
>
> You shouldn't notice any change again. All modules should be migrated
> during selinux-policy update.
>
> Some of modules could be incompatible with the new policy so they'll
> need to be migrated manually. If they are part of any Fedora package,
> we will help with the migration. Just file a bug to a component and
> add us do CC field.
>
> We are ready to help with other modules or issues with migration on
> selinux at lists.fedoraproject.org mailing list.
>
>
> [1] https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
>
> Petr
>
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
More information about the devel
mailing list