SELinux and Shorewall with IPSets
Mr Dash Four
mr.dash.four at googlemail.com
Wed Jun 30 21:31:29 UTC 2010
> Its a bug in policy, and in that regard it affects all systems. The
> problem is that if you are going to maintain your own fork of
> selinux_policy it will be much work to maintain (a fedora update might
> undo your changes)
>
> Therefore it is best to submit this bug report to fedora bugzilla so
> that the fix can be applied upstream, then eventually it will get pushed
> to the repositories and end up on your system.
>
> So in your case, you might want to, in the meantime, fix it with a
> custom module (myseutils.pp) whilst your bug report is processed.
>
I get you know! The way I see it I could maintain the source via a set
of patches recording the changes I have made (the source will only be
updated, the binary selinux-policy-* rpm won't be touched) and not
install (the stock) selinux-policy - from what I've seen apart from
selinux-targeted(minimal,mls) nothing else is dependant on this package,
so it won't break anything (for now, that is!).
This until the fix is officially released, that is.
I have just finished building the image and tested it again - there were
NO errors, none whatsoever! Superb work - thank you!
More information about the selinux
mailing list