[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Installing new policy?

From: Russell Coker <russell coker com au>
To: fedora-selinux-list redhat com
Subject: Re: Installing new policy?
Date: Tue, 9 Mar 2004 15:33:36 +1100

On Tue, 9 Mar 2004 04:53, Tom Mitchell <mitch48 yahoo com> wrote:
> If you're pushing new policy that actually fixes bugs will it break site
> policy? I would be unhappy if my co-lo box had this line changed. ;-)
> ? ?# uncomment to allow ssh logins as sysadm_r:sysadm_t
> ? ?define(`ssh_sysadm_login')

This is a difficult issue.  For Debian I have it ask a heap of questions at 
policy upgrade time about replacing policy files, but lots of people seem to 
dislike that.

One possibility is to replace files that have not been changed.  However that 
means that if a macro changes without the calling code changing then it could 
break policy compiles.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Follow-Ups:
- Re: Installing new policy?
  - From: Stephen C. Tweedie
- Re: Installing new policy?
  - From: Daniel J Walsh

References:
- Installing new policy?
  - From: Jeffrey C. Ollie
- Re: Installing new policy?
  - From: Russell Coker
- Re: Installing new policy?
  - From: Tom Mitchell

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]