Installing new policy?

Stephen C. Tweedie sct at redhat.com
Tue Mar 9 13:20:44 UTC 2004


Hi,

On Tue, 2004-03-09 at 11:57, Russell Coker wrote:

> > That's basically what %config will do in rpm.  It's probably the
> > simplest default behaviour for things like tunables.te.
> 
> Yes, that will work quite well for tunable.te except when we add a new entry 
> that defaults to enabled.  If we produce a new policy that has 
> define(`do_whatever') in the default tunable.te then users of the old policy 
> won't get it.

That's true, but they _will_ get log output telling that the new config
file has been created as tunables.te.rpmnew, and they can merge it
themselves.  There's really no straightforward way to get any better
automation for it than that, right now, unless we move each tunable to a
separate file in a tunables/ directory (and it might well make sense to
do that, at least to group related tunables together.)

Cheers,
 Stephen
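
The manual merge described in the message above can be narrowed down with a small check. This is an added example, not part of the original message or of any Fedora tooling: it lists tunables that tunables.te.rpmnew enables but the locally kept tunables.te never mentions. It assumes one entry per line, written as define(`name') when enabled and prefixed with dnl when disabled; the example_tunable_* names and file contents are constructed.

```shell
#!/bin/sh
# Added example: find tunables that the packaged tunables.te.rpmnew enables
# but the locally kept tunables.te has never seen.
# Assumption: one entry per line, define(`name') when enabled and
# "dnl define(`name')" when disabled.

# Names enabled in file $1.
enabled_tunables() {
    LC_ALL=C sed -n "s/^[[:space:]]*define(\`\([A-Za-z0-9_]*\)'.*/\1/p" "$1" |
        LC_ALL=C sort -u
}

# Names mentioned in file $1, whether enabled or dnl-disabled.
known_tunables() {
    LC_ALL=C sed -n \
        "s/^[[:space:]]*\(dnl[[:space:]]*\)\{0,1\}define(\`\([A-Za-z0-9_]*\)'.*/\2/p" \
        "$1" | LC_ALL=C sort -u
}

# Usage: unmerged_tunables LOCAL RPMNEW
# Prints names enabled in RPMNEW that LOCAL does not mention at all, so a
# tunable the admin deliberately disabled is not reported.
unmerged_tunables() {
    known=$(mktemp) && enabled=$(mktemp) || return 1
    known_tunables "$1" > "$known"
    enabled_tunables "$2" > "$enabled"
    LC_ALL=C comm -13 "$known" "$enabled"
    rm -f "$known" "$enabled"
}

# Constructed sample files; only do_whatever comes from the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/tunables.te" <<'EOF'
define(`example_tunable_a')
dnl define(`example_tunable_b')
EOF
    cat > "$dir/tunables.te.rpmnew" <<'EOF'
define(`example_tunable_a')
define(`example_tunable_b')
define(`do_whatever')
dnl define(`example_tunable_c')
EOF
    unmerged_tunables "$dir/tunables.te" "$dir/tunables.te.rpmnew"
    rm -rf "$dir"
}

demo
```

An empty result means every tunable enabled in the .rpmnew file already has a local decision, enabled or disabled.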




