[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux and compatibility

From: Stephen Smalley <sds epoch ncsc mil>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: SELinux and compatibility
Date: Thu, 01 Apr 2004 11:11:56 -0500

On Thu, 2004-04-01 at 10:32, Paul Bender wrote:
> 2. I have had no problems using the vanilla 2.6.4 kernel with the 
> appropiate SELinux options enabled in the config

Just FYI, you'll need to use 2.6.5-rc3 if you want to be able to load
newer policies; the binary policy format has changed due to an extension
to the SELinux policy engine.  The current FC2 devel 2.6.4 kernel
includes the changes from 2.6.5-rc3, and the latest FC2 devel policy
package has been rebuilt for the new policy version.  Compatibility
support in the kernel, checkpolicy, and SysVinit has been provided to
ease the transition; the new kernel will accept either policy version
(but tells userspace to try the latest version first), checkpolicy will
generate the old policy version if called with -c (and the policy
Makefile has a POLICYCOMPAT definition to use it), and /sbin/init will
try loading an older policy version if it cannot find the latest one.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

Follow-Ups:
- Re: SELinux and compatibility
  - From: Paul Bender

References:
- SELinux and compatibility
  - From: Erez Hadad
- Re: SELinux and compatibility
  - From: Paul Bender

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]