[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Installing new policy?

From: Tom Mitchell <mitch48 sbcglobal net>
To: fedora-selinux-list redhat com
Subject: Re: Installing new policy?
Date: Mon, 8 Mar 2004 00:05:25 -0800

On Mon, Mar 08, 2004 at 02:20:36AM -0500, Bill Nottingham wrote:
> James Morris (jmorris redhat com) said: 
> > > When new policy & policy-sources packages get downloaded and installed
> > > from development, do I need to do:
> > > 
> > > cd /etc/security/selinux/src/policy
> > > make load
> > > make relabel
> > > 
> > 
> > Yes.
> 
> Does this mean policy *never* gets updated on a new rpm install
> without manual intevention? This seems bad.

If I understand this...

In development cycles having the "current" best practice policy does make sense
for some,  but not outside the context of "default policy development".

The more general procedure would be to 

 cd /etc/security/selinux/src/policy
 # examine, compare with current, update for local needs, scratch, validate... then
 # iff all is ok
 make load
 make relabel

In fact the "policy" on "policy updates" should be the most
constrained in the pile. 

-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.
	mitch48-at-sbcglobal-dot-net

Follow-Ups:
- Re: Installing new policy?
  - From: Bill Nottingham

References:
- Installing new policy?
  - From: Jeffrey C. Ollie
- Re: Installing new policy?
  - From: James Morris
- Re: Installing new policy?
  - From: Bill Nottingham

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]