Update needed for SELinux kernel config

James Morris jmorris at namei.org
Wed Feb 6 15:18:01 UTC 2008


On Thu, 31 Jan 2008, James Morris wrote:

> Some SELinux changes have just been merged upstream, which include a bump 
> in the SELinux policy version to support dynamic querying of policy 
> capabilities.
> 
> The new maximum supported policy version is 22, so we need this in 
> .config:
> 
> CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=22

Actually, we don't.  Update from Stephen Smalley:

----

Shouldn't actually be needed (or desired).  That config option is only
when we need to force /selinux/policyvers to a specific value other than
the real max supported by the kernel, and was introduced for legacy
compatibility with Fedora 3 and 4, as noted in the help text.  And the
option won't even be set at all unless its parent option
(CONFIG_SECURITY_SELINUX_POLICYDB_MAX) is set.

Currently unset in Fedora devel CVS, as desired.

----

-- 
James Morris
<jmorris at namei.org>




More information about the Fedora-kernel-list mailing list