New design for policy on disk allowing multiple policy rpms to be simultaniously installed.
Daniel J Walsh
dwalsh at redhat.com
Tue May 25 19:36:45 UTC 2004
Jeff Johnson wrote:
> Daniel J Walsh wrote:
>
>>
>>
>> 6. If during the install /etc/sysconfig/selinux does not exist or
>> does not contain an entry for the type of policy, the first one
>> installed will set the context to itself.
>>
>> cat /etc/sysconfig/selinux
>> #
>> # Change the following line to enforcing, permissive or disabled.
>> # On the next boot the machine will come up in one the selected mode
>> #
>> SELINUX=enforcing
>> #
>> # Select the type of policy that you are running current values are
>> # strict and targeted
>> #
>> SELINUXTYPE=strict
>>
>>
>> So if nothing is in the /etc/sysconfig/selinux file and you install
>> strict, strict will be added
>> to config file. If there is an entry then it will be left there.
>> This will allow the installation of both the Strict and Targeted
>> policy and the user can change the choice via this file and can then
>> relabel
>
>
>
> Ah, you want Yet Another Config File parser added to all applications
> that need to determine which policy
> is going to be installed. Well, that's doable, but, well, ick. Perhaps
> there is a new routine in libselinux to
> simplify which policy obtains. There are run-time issues as well: What
> if you are upgrading from targeted
> to strict, which regexes should be used during upgrade?
>
Well no, the libselinux should handle most of the parsing. New
functions are being added to return you the proper file. From a script
it is a simple as
. /etc/sysconfig/selinux
echo $SELINUXTYPE
> 73 de Jeff
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list