up2date, Large Medium and small updates....
Russell Coker
russell at coker.com.au
Wed Mar 10 08:03:18 UTC 2004
On Wed, 10 Mar 2004 12:40, Tom Mitchell <mitch48 at yahoo.com> wrote:
> The more general question is that for Large Medium and small updates....
> there may always be a question when one or more "makes" in the policy
> area will be needed. Is there a good way to check... will make
> check-all do the right thing?
>
> cd /etc/security/selinux/src/policy
> make ????? # lots of choices...
> make relabel # necessary? when and how to check ...
>
> Is it necessary/useful to do stuff like this before or after a reboot?
> Is there a difference from vanilla in how promptly a reboot and other
> housecleaning for SELinux is needed? i.e. will audit go nuts...
In general use there should not be any need for a relabel except after severe
file system corruption, a backup/restore with non-XATTR aware backup
software, or booting a non-SE Linux kernel.
> Also I have taken to adding an alternate boot section in
> /boot/grub/grub.conf. Is this useful, useless, sane, silly,
> underkill, overkill. Thus...:
Grub is really good for allowing you to edit the kernel command line before
booting it. So if you have problems you can always tell it to boot the
kernel with selinux=0 appended even if that is not in your grub.conf.
If you accidentally boot a non-SE kernel then /etc/mtab and a few other files
will get the wrong label, which will be really annoying for you. We are
working on these issues, but in the mean-time you probably don't want to make
it too easy to accidentally boot a non-SE kernel.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the selinux
mailing list