SELinux and compatibility
Stephen Smalley
sds at epoch.ncsc.mil
Thu Apr 1 16:11:56 UTC 2004
On Thu, 2004-04-01 at 10:32, Paul Bender wrote:
> 2. I have had no problems using the vanilla 2.6.4 kernel with the
> appropiate SELinux options enabled in the config
Just FYI, you'll need to use 2.6.5-rc3 if you want to be able to load
newer policies; the binary policy format has changed due to an extension
to the SELinux policy engine. The current FC2 devel 2.6.4 kernel
includes the changes from 2.6.5-rc3, and the latest FC2 devel policy
package has been rebuilt for the new policy version. Compatibility
support in the kernel, checkpolicy, and SysVinit has been provided to
ease the transition; the new kernel will accept either policy version
(but tells userspace to try the latest version first), checkpolicy will
generate the old policy version if called with -c (and the policy
Makefile has a POLICYCOMPAT definition to use it), and /sbin/init will
try loading an older policy version if it cannot find the latest one.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-test-list
mailing list