[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Installing new policy?

From: "Stephen C. Tweedie" <sct redhat com>
To: fedora-selinux-list redhat com
Cc: Stephen Tweedie <sct redhat com>, Russell Coker <russell coker com au>
Subject: Re: Installing new policy?
Date: 09 Mar 2004 13:20:44 +0000

Hi,

On Tue, 2004-03-09 at 11:57, Russell Coker wrote:

> > That's basically what %config will do in rpm.  It's probably the
> > simplest default behaviour for things like tunables.te.
> 
> Yes, that will work quite well for tunable.te except when we add a new entry 
> that defaults to enabled.  If we produce a new policy that has 
> define(`do_whatever') in the default tunable.te then users of the old policy 
> won't get it.

That's true, but they _will_ get log output telling that the new config
file has been created as tunables.te.rpmnew, and they can merge it
themselves.  There's really no straightforward way to get any better
automation for it than that, right now, unless we move each tunable to a
separate file in a tunables/ directory (and it might well make sense to
do that, at least to group related tunables together.)

Cheers,
 Stephen

References:
- Installing new policy?
  - From: Jeffrey C. Ollie
- Re: Installing new policy?
  - From: Russell Coker
- Re: Installing new policy?
  - From: Stephen C. Tweedie
- Re: Installing new policy?
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]