FC3... install/update ?

Stephen Smalley sds at epoch.ncsc.mil
Mon Jul 12 15:09:58 UTC 2004


On Mon, 2004-07-12 at 10:46, Tom London wrote:
> Thanks.
> 
> I have 3 systems: one running 'stock' FC2, the other 2
> running off the development and Arjan's tree.
> 
> I'll try the 'yum update' on the stock system.

As I mentioned, you want to use 'yum upgrade' to get it to pull in
selinux-policy-strict, I think.  'yum update' doesn't seem to replace
'policy' with 'selinux-policy-strict'.

> I'm assuming (hoping?) that the 'bleeding edge'
> systems will just update (i.e., 'yum update')
> smoothly..... (they've already lost the '2'
> from the login splash screen, and yum.conf
> has been updated to point only at the
> development tree).

I expect so.  I have several machines running off of the development
tree, with one using targeted policy and the rest using strict policy.

> FC2T1 clean install had issues with
> SELinux installs (home directories not properly
> labeled, ...).  The bugzilla entry for this
> (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123856)
> is not closed....
> 
> Has this been fixed? Need testing?

I don't know; there are file_type_auto_trans() rules in firstboot.te for
user home directories, but I'm not clear as to whether all issues have
been resolved.  useradd really needs a bit of SELinux awareness, IMHO. 
And I seem to recall /etc/passwd and /etc/group being re-written into
the wrong type by firstboot as well during FC2 installs.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the selinux mailing list