Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: rpm -V selinux-policy-targeted: msg#00107
|
Subject: |
Re: rpm -V selinux-policy-targeted |
Daniel J Walsh wrote:
Joe Orton wrote:
On Wed, Nov 24, 2004 at 10:05:55AM -0500, Daniel J Walsh wrote:
Joe Orton wrote:
...
..5....T. c /etc/selinux/targeted/policy/policy.18
Since policy/policy.18 is marked %config(noreplace) the new policy.18
file is installed as policy.18.rpmnew and hence it seems manual
intervention is needed to load the new policy, it's not a simple
rpm -U
or up2date run away - is this desirable?
This means that you modified the file_context/policy.18 file by
using selinux-policy-targeted-sources file.
The upgrade of selinux-policy-targeted-sources should do a make
reload when it completes, causing the policy.18 and file_contexts file
to be replaced. This way if you made local changes they will be
maintained. (There was/is a bug with the moving of the /usr/bin files
to /usr/sbin that is causing certain *sources rpms not to do a make
load.
No, I didn't make any local changes, I haven't touched the files, this
was on a fresh kickstart. Ah, it looks like the %post script for
selinux-policy-targeted-sources will reload the policy the first time
it's installed too, i.e. by anaconda. So it's doomed from the out.
That could be changed to really only happen on upgrades, but I'd
question whether -sources should automatically reload the policy at
all. Getting so easily into a state where "up2date
selinux-targeted-policy"
doesn't automatically apply policy updates (given no local modifications
to the sources) is bad.
Ok we can turn off automatic update of policy from
selinux-policy-*sources, but then
the user will need to manually update the policy if he has manipulated
it.
A more seamless mechanism to upgrade policy is gonna be needed eventually.
I know of several problem areas, ready to attempt better upgrade if/when
you are,
if you wish to attempt through rpm. A distribution mechanism outside rpm is
a quite sane alternative implementation as well.
73 de Jeff
|
| |
