From: Tom <tom@lemuria.org>
To: selinux@tycho.nsa.gov
Subject: Re: policy version
Date: Tue, 1 Oct 2002 16:11:07 +0200 [thread overview]
Message-ID: <20021001161106.C24885@lemuria.org> (raw)
In-Reply-To: <200210011604.25300.russell@coker.com.au>; from russell@coker.com.au on Tue, Oct 01, 2002 at 04:04:25PM +0200
On Tue, Oct 01, 2002 at 04:04:25PM +0200, Russell Coker wrote:
> Firstly your machine should still work. The way things are designed to
> operate is that a unique file name is used for each version of the policy.
> So if you had a previously operational system with policy V11 and you did not
> delete any files then it should still boot up loading that V11 policy. You
> won't be able to load a new V12 policy but that should not be a serious
> problem, your machine should still be in a state that allows you to compile
> the kernel.
The v11 policy went down the drain due to a mistake that I made before
upgrading (ironically, the intent of moving some stuff away was to make
sure it neither gets overwritten nor is in the way of something).
> The way this is designed to work is that the "se_apt-get upgrade" will get you
> a new policy (which will install but not load) and a new kernel patch to
> match. Then if you build a new kernel-image package with that kernel patch
> then it'll support the V12 policy and everything will be fine after a reboot.
I will do that once I restored networking and report back with the
result. If it works, I'll collect what I learned today into a small
"howto save your soul after messing up your SELinux install" doc.
> Another option is to use the kernel-image packages Brian is producing, he has
> re-built all his packages with V12 policy support. He appears to be going to
> a lot of effort to build those packages so it would be good if someone uses
> them...
Roger, I'll do that on the other machine which I'm installing from
scratch.
--
PGP/GPG key: http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
prev parent reply other threads:[~2002-10-01 14:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-01 11:15 policy version Tom
2002-10-01 11:46 ` Stephen Smalley
2002-10-01 12:28 ` Tom
2002-10-01 12:50 ` Stephen Smalley
2002-10-01 13:30 ` Tom
2002-10-01 13:51 ` Stephen Smalley
2002-10-01 14:00 ` Tom
2002-10-01 14:04 ` Russell Coker
2002-10-01 14:11 ` Tom [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021001161106.C24885@lemuria.org \
--to=tom@lemuria.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.