Update needed for SELinux kernel config
James Morris
jmorris at namei.org
Wed Feb 6 15:18:01 UTC 2008
On Thu, 31 Jan 2008, James Morris wrote:
> Some SELinux changes have just been merged upstream, which include a bump
> in the SELinux policy version to support dynamic querying of policy
> capabilities.
>
> The new maximum supported policy version is 22, so we need this in
> .config:
>
> CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=22
Actually, we don't. Update from Stephen Smalley:
----
Shouldn't actually be needed (or desired). That config option is only
when we need to force /selinux/policyvers to a specific value other than
the real max supported by the kernel, and was introduced for legacy
compatibility with Fedora 3 and 4, as noted in the help text. And the
option won't even be set at all unless its parent option
(CONFIG_SECURITY_SELINUX_POLICYDB_MAX) is set.
Currently unset in Fedora devel CVS, as desired.
----
--
James Morris
<jmorris at namei.org>
More information about the Fedora-kernel-list
mailing list