| 1 |
On Tue, 2003-09-09 at 12:09, Peter Simons wrote: |
| 2 |
> Do you have any idea, how complex that conversion will be? Or, to put |
| 3 |
> it differently: Is it wise to install a fresh system with the current |
| 4 |
> versions or should I better wait a few weeks until the new-API stuff |
| 5 |
> is available? |
| 6 |
|
| 7 |
To give you an idea, conversion is a little more complicated than the |
| 8 |
conversion instructions in the current SELinux Quickstart. Hopefully |
| 9 |
some of the documentation will be ready very soon (portage will take a |
| 10 |
bit longer) so you can peruse it before we initiate the API transition. |
| 11 |
However, I think people considering installing a new SELinux machine |
| 12 |
should probably wait. |
| 13 |
|
| 14 |
The main thing that creates the additional complexity is that you can't |
| 15 |
relabel in a non-SELinux extended attribute kernel anymore, so the |
| 16 |
recompiling and relabeling of the SELinux-patched programs needs to be |
| 17 |
done at the right time, or you might not be able to log in. Also the |
| 18 |
initial policy load when booting is now done from an initial ramdisk |
| 19 |
(initrd), rather than the kernel directly reading it from disk. |
| 20 |
|
| 21 |
-- |
| 22 |
Chris PeBenito |
| 23 |
<pebenito@g.o> |
| 24 |
Developer, SELinux |
| 25 |
Hardened Gentoo Linux |
| 26 |
|
| 27 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 28 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives