How to properly upgrade policy

Daniel J Walsh dwalsh at redhat.com
Fri Jun 25 16:53:56 UTC 2004


Valdis.Kletnieks at vt.edu wrote:

>On Fri, 25 Jun 2004 10:28:57 CDT, Bob Gustafson <bobgus at rcn.com>  said:
>
>  
>
>>However, looking at my output from fixfiles, it seems as though there are
>>gross changes in policy that are occasionally occurring during this
>>development phase (object_r -> system_r).
>>
>>It would be nice to get some sort of indication that a fixfiles run would
>>be helpful when these gross changes occur.
>>    
>>
>
>In the generalized case, how would it know?  (I mean, other than the already
>mentioned 'fixfiles -n -v -o' and look at the logfile and restorecon)?
>
>(Personally, I think a nightly cron job that does something like:
>
>fixfiles -n -v -o /var/tmp/whatever; mail -s "Incorrect contexts" root < /var/tmp/whatever
>  
>
That is the idea although you might want

fixfiles -n -v -o /var/tmp/whatever || mail -s "Incorrect contexts" root < /var/tmp/whatever

So you only get mail when it finds something.  Of course this means fixfiles exits with a status.  I will look into this.



>is The Right Behavior.  I owe whoever thought of it a beer :)
>
>Right now, *my* single biggest mangler of contexts is all the local and 3rd-party
>stuff that gets into system directories via 'make install' rather than via RPM
>(so far this morning, I've already had one package that I did a 'cvs update'
>and then 'make/make install', and since it supports plugins, the following
>clean-up relabeled about 30 *.so files to shlib_t....
>
>See above-mentioned Right Behavior, and guess who doesn't always remember
>to run fixfiles after a 'make install' and needs to be nagged. :)
>  
>
>
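An added example, not part of the original message or of fixfiles itself: a cron wrapper for the nightly check discussed above that decides whether to mail from the contents of the log rather than from the exit status of fixfiles, and that uses mktemp instead of a fixed file name under /var/tmp. The function name, the MAILER override, the --run switch and the assumption that the -o file stays empty when no contexts are wrong are assumptions of this example.

```shell
#!/bin/sh
# Added example: mail a context report only when the checker logged something.
# Assumption: the file given to "fixfiles -n -v -o" is empty when every
# context is correct. MAILER is a hypothetical override used for testing.

MAILER=${MAILER:-mail}

# report_if_mislabeled CHECK_CMD [ARGS...]
# Runs CHECK_CMD with a private log file appended as its last argument and
# mails the log to root only when it is non-empty.
# Returns 0 = nothing logged, 1 = report mailed, 2 = no log file created.
report_if_mislabeled() {
    # A fixed name such as /var/tmp/whatever can be pre-created or symlinked
    # by another local user before a root cron job writes to it; mktemp
    # creates an unpredictable file with mode 0600.
    log=$(mktemp "${TMPDIR:-/var/tmp}/contexts.XXXXXX") || return 2

    # Record the exit status for the subject line, but do not rely on it.
    status=0
    "$@" "$log" >/dev/null 2>&1 || status=$?

    if [ -s "$log" ]; then
        "$MAILER" -s "Incorrect contexts (checker exit $status)" root < "$log"
        rc=1
    else
        rc=0
    fi
    rm -f "$log"
    return "$rc"
}

# Cron entry point, for example: 0 3 * * * /usr/local/sbin/context-check --run
if [ "${1:-}" = "--run" ]; then
    report_if_mislabeled fixfiles -n -v -o
fi
```

A checker that fails without writing anything to the log produces no mail here, so a failed run needs its own alert if that matters.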



