[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Not good

From: Stephen Smalley <sds epoch ncsc mil>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Re: Not good
Date: Mon, 05 Apr 2004 11:34:06 -0400

On Mon, 2004-04-05 at 11:27, Gene Czarcinski wrote:
> 3. From what I see, there is no reason to have the policy package at all since 
> policy-sources will build the needed files (except for 
> /etc/security/{default_contexts,default_type,failsafe_context} and they could 
> be in policy-sources too.

As I understand it, the intent of policy is to support minimal installs,
where the policy-sources and associated dependencies are not desirable. 
However, note that policy updates can't preserve local customizations,
e.g. tunables or users, whereas policy-sources updates do.  If you have
never customized your policy at all, then you should just be able to
update policy.  If you have customized your policy and rebuilt it, then
the %config(noreplace) should protect the binary policy against direct
policy updates, and should protect tunables and users against
policy-sources updates.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

Follow-Ups:
- Re: Not good
  - From: Gene Czarcinski

References:
- Not good
  - From: Gene Czarcinski
- Re: Not good
  - From: Jeff Johnson
- Re: Not good
  - From: Chris Ricker
- Re: Not good
  - From: Gene Czarcinski

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]