From: Joshua Brindle <jbrindle@tresys.com>
To: Ivan Gyurdiev <ivg2@cornell.edu>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
SELinux-dev@tresys.com, SELinux@tycho.nsa.gov, dwalsh@redhat.com
Subject: Re: [ SEMANAGE ] Install seusers, rename some files
Date: Tue, 01 Nov 2005 16:05:19 -0500 [thread overview]
Message-ID: <4367D88F.1080309@tresys.com> (raw)
In-Reply-To: <4367DA3C.3020308@cornell.edu>
Ivan Gyurdiev wrote:
>>
>> I think moving the local files into the sandbox upon policy update (via
>> %post scriptlet in the policy package) is reasonable, as this is only
>> needed for migration and will not be done subsequently.
>
> I guess at that point we also want to migrate booleans.local,
> local.users, and install the base module?
> Dan, can you add such a script?
>
> - copy /etc/selinux/?/seusers into /etc/selinux/?/modules/active/seusers
fine
> - copy /etc/selinux/?/local.users into
> /etc/selinux/?/modules/active/users.local [ renamed ]
this could potentially be done the same way as booleans below, except
that there isn't a user of the user api in libsemanage yet, so that
would be written; with seuser handling the vast majority of users now
this isn't very high priority.
> - copy /etc/selinux/?/booleans.local into
> /etc/selinux/?/modules/active/booleans.local
not sure about this. It would not be difficult to read the old booleans
file and pipe the info through setsebool -p.
> - install base module into /etc/selinux/?/modules/active/base.pp (is
> this managed by rpm?)
>
the base.pp will be placed in /usr/share/selinux and then be installed
via semodule -b.
>> Yes. But we need to avoid breaking use of semodule -b now via this
>> patch until such a time as the seusers support is in place, so possibly
>> I should just change the error handling here to just WARN and proceed
>> with the reload.
>
> Hmm... that sounds reasonable... I think.
>
Not even sure a warn is necessary IMO, read other response.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-11-01 21:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-01 1:12 [ SEMANAGE ] Install seusers, rename some files Ivan Gyurdiev
2005-11-01 20:10 ` Stephen Smalley
2005-11-01 20:34 ` Ivan Gyurdiev
2005-11-01 20:41 ` Stephen Smalley
2005-11-01 21:12 ` Ivan Gyurdiev
2005-11-01 21:05 ` Joshua Brindle [this message]
2005-11-01 21:42 ` Ivan Gyurdiev
2005-11-01 21:40 ` Stephen Smalley
2005-11-01 21:08 ` Stephen Smalley
2005-11-01 21:11 ` Stephen Smalley
2005-11-01 21:31 ` Ivan Gyurdiev
2005-11-01 21:27 ` Stephen Smalley
2005-11-01 21:15 ` Ivan Gyurdiev
2005-11-01 20:56 ` Ivan Gyurdiev
2005-11-01 21:02 ` Joshua Brindle
2005-11-01 21:10 ` Stephen Smalley
2005-11-01 21:20 ` Ivan Gyurdiev
2005-11-01 21:11 ` Joshua Brindle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4367D88F.1080309@tresys.com \
--to=jbrindle@tresys.com \
--cc=SELinux-dev@tresys.com \
--cc=SELinux@tycho.nsa.gov \
--cc=dwalsh@redhat.com \
--cc=ivg2@cornell.edu \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.