| 1 |
On Sun, 2007-04-01 at 10:18 -0400, Chris PeBenito wrote: |
| 2 |
> On Sun, 2007-04-01 at 10:43 +0200, Marek Wróbel wrote: |
| 3 |
> > Chris PeBenito wrote: |
| 4 |
> > > Already fixed, please emerge sync. However you'll likely run into a |
| 5 |
> > > toolchain bug that was just uncovered this week :( |
| 6 |
> > > |
| 7 |
> > |
| 8 |
> > Could you write any details about this bug before we run into it ? I |
| 9 |
> > would like to know what to do not to screw my system up. |
| 10 |
> |
| 11 |
> Its a bug during the link/expand portion of the final policy building. |
| 12 |
> This happens when the policy is rebuilt because you insert or remove a |
| 13 |
> policy module using semodule. It causes install/remove transactions to |
| 14 |
> fail. I'm not 100% sure what the circumstances are that hits this bug, |
| 15 |
> but I think it has to do with booleans that are optionally declared in |
| 16 |
> modules. If you want to just avoid all this, wait until I post that a |
| 17 |
> fixed toolchain is available before using the 20070329 policies. |
| 18 |
> Hopefully it should be sometime this week since a patch is in testing. |
| 19 |
|
| 20 |
Libsepol-1.16.2 has been committed. This should fix the policy linking. |
| 21 |
One thing with the 20070329 policies is that booleans have been moved |
| 22 |
from the base module out into the individual modules. For example, all |
| 23 |
of the apache booleans used to be in the base module, but now have been |
| 24 |
moved back to the apache module. However this means that all of the |
| 25 |
modules need to be reloaded simultaneously. I made a script [1] which |
| 26 |
can be placed in your local policy directory (where you built a local.pp |
| 27 |
if you have one). Run the script from that directory, then both strict |
| 28 |
and targeted policies should be refreshed. If you don't have any local |
| 29 |
policy, then it can be ran from anywhere. Make sure that all of the |
| 30 |
policies from portage are updated to 20070329 otherwise the script will |
| 31 |
likely fail. |
| 32 |
|
| 33 |
[1] http://dev.gentoo.org/~pebenito/refresh_policy.sh |
| 34 |
|
| 35 |
-- |
| 36 |
Chris PeBenito |
| 37 |
<pebenito@g.o> |
| 38 |
Developer, |
| 39 |
Hardened Gentoo Linux |
| 40 |
|
| 41 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 42 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives