New policies installed. Minor problem & change(?)
Tom London
selinux at comcast.net
Wed Jun 2 17:55:14 UTC 2004

I've installed the latest selinux-policy-strict-1.13.2-4 stuff (along
with -sources, libselinux*, etc. dependencies via 'yum update') with
system running selinux-policy-strict-1.13.2-2/enforcing.

A few 'minor' items noted:

1). The install produced protection/access messages when attempting to
write/create /etc/selinux/strict/policy/policy.17 (the usual 'creating
in .rpmnew' thing). Did this once for selinux-policy-strict and once
for selinux-policy-strict-sources.

(I had just completed a 'fixfiles relabel' with
selinux-policy-strict-1.13.2-2, so I'm confident that the /etc/selinux
directory was properly labeled.)

I then did a manual 'mv policy.17 policy.17.rpmsave; mv policy.17.rpmnew
policy.17', rebooted single-user, and did a 'fixfiles relabel', and then
rebooted multi-user.

('fixfiles relabel/check' now fails if run in enforcing mode
('Permission denied' for file_contexts). Works if you 'setenforce 0'
first. Did I miss a change?)

2). Also, there now is a complete absence of 'avc' messages in
/var/log/messages. Is this expected?

3). I checked the scripts on the policy rpms and it looks like the
reference to 'POLICYTYPE' is gone (replaced with 'SELINUXTYPE'). Is it
safe to remove the 'POLICYTYPE=strict' line from /etc/sysconfig/selinux
and from /etc/selinux/config? Can I safely remove one file?

Thanks for the updates!

tom