upgrade from fedora core 6 to 9

Stephen Smalley sds at tycho.nsa.gov
Fri May 9 17:42:03 UTC 2008 

On Fri, 2008-05-09 at 13:00 -0400, max bianco wrote:
> 2008/5/8 David Boles <dgboles at gmail.com>:
> > Mike Burger wrote:
> >>>
> >>> On Thu, May 08, 2008 at 12:48:56 -0400,
> >>>  max bianco <maximilianbianco at gmail.com> wrote:
> >>>>
> >>>> Do you see any major issues with SELinux when doing these upgrades? By
> >>>> major issues I mean something that can't be fixed by relabeling the
> >>>> filesystem. I upgraded from 7 to 8 and all went well but I know
> >>>> someone recently had an issue with SELinux going from FC5 to F9(if I
> >>>> remember correctly)the issue was resolved but apparently it was not
> >>>> obvious that SELinux was the problem.
> >>>
> >>> I just had one going from FC5 to F9 that will probably hit you as well.
> >>> The merge of strict and targeted policies changed some things and weren't
> >>> handled when doing a yum upgrade directly from FC5 to F9. What happens
> >>> is that the login to selinux user mapping and the mappings from selinux
> >>> users to such things as prefix, mls default, mls/mcs access and selinux
> >>> roles isn't correct. If you have done any local customization in that
> >>> area you can just look at what it is on a fresh F9 system and use
> >>> semanage
> >>> to add the new selinux users and correct the mappings.
> >>
> >> Makes me glad, more and more, that I turned off selinux.
> >
> >
> >
> > Me too!!!! So that when something finally does bite you in the a$$ you can
> > blame yourself and not Fedora.  ;-)
> >
> > --
> >
> >
> >  David
> >
> 
> I have noticed that there isn't much traffic about SELinux across this
> list. I haven't had any major headaches with it but I think learning
> how to use it will serve everyone better in the long run rather than
> turning it off. If you google for Configuring SELinux Policy, you
> should find a  few good resources. I found a PDF recently :
> 
> www.nsa.gov/SeLinux/papers/policy2.pdf
> 
>  its only about 35 pages or so, i am reading it once through then
> going to examine my policy config and see what I can do with it. So
> far its cleared up a few question marks for me. Its dated  feb of
> 2005, if anyone knows of a more current version i'd appreciate the
> link.

It is fairly out of date.  See 
http://selinuxproject.org/page/User_Resources
for various user resources.

-- 
Stephen Smalley
National Security Agency

More information about the fedora-list mailing list