SELinux and compatibility
Paul Bender
pbender at qualcomm.com
Thu Apr 1 16:16:48 UTC 2004
Thanks for the information. I have switched to a vanilla 2.6.5-rc3 kernel.
Stephen Smalley wrote:
> On Thu, 2004-04-01 at 10:32, Paul Bender wrote:
>
>>2. I have had no problems using the vanilla 2.6.4 kernel with the
>>appropiate SELinux options enabled in the config
>
>
> Just FYI, you'll need to use 2.6.5-rc3 if you want to be able to load
> newer policies; the binary policy format has changed due to an extension
> to the SELinux policy engine. The current FC2 devel 2.6.4 kernel
> includes the changes from 2.6.5-rc3, and the latest FC2 devel policy
> package has been rebuilt for the new policy version. Compatibility
> support in the kernel, checkpolicy, and SysVinit has been provided to
> ease the transition; the new kernel will accept either policy version
> (but tells userspace to try the latest version first), checkpolicy will
> generate the old policy version if called with -c (and the policy
> Makefile has a POLICYCOMPAT definition to use it), and /sbin/init will
> try loading an older policy version if it cannot find the latest one.
>
More information about the fedora-test-list
mailing list