1 |
On Sun, 2007-04-01 at 10:18 -0400, Chris PeBenito wrote: |
2 |
> On Sun, 2007-04-01 at 10:43 +0200, Marek Wróbel wrote: |
3 |
> > Chris PeBenito wrote: |
4 |
> > > Already fixed, please emerge sync. However you'll likely run into a |
5 |
> > > toolchain bug that was just uncovered this week :( |
6 |
> > > |
7 |
> > |
8 |
> > Could you write any details about this bug before we run into it ? I |
9 |
> > would like to know what to do not to screw my system up. |
10 |
> |
11 |
> Its a bug during the link/expand portion of the final policy building. |
12 |
> This happens when the policy is rebuilt because you insert or remove a |
13 |
> policy module using semodule. It causes install/remove transactions to |
14 |
> fail. I'm not 100% sure what the circumstances are that hits this bug, |
15 |
> but I think it has to do with booleans that are optionally declared in |
16 |
> modules. If you want to just avoid all this, wait until I post that a |
17 |
> fixed toolchain is available before using the 20070329 policies. |
18 |
> Hopefully it should be sometime this week since a patch is in testing. |
19 |
|
20 |
Libsepol-1.16.2 has been committed. This should fix the policy linking. |
21 |
One thing with the 20070329 policies is that booleans have been moved |
22 |
from the base module out into the individual modules. For example, all |
23 |
of the apache booleans used to be in the base module, but now have been |
24 |
moved back to the apache module. However this means that all of the |
25 |
modules need to be reloaded simultaneously. I made a script [1] which |
26 |
can be placed in your local policy directory (where you built a local.pp |
27 |
if you have one). Run the script from that directory, then both strict |
28 |
and targeted policies should be refreshed. If you don't have any local |
29 |
policy, then it can be ran from anywhere. Make sure that all of the |
30 |
policies from portage are updated to 20070329 otherwise the script will |
31 |
likely fail. |
32 |
|
33 |
[1] http://dev.gentoo.org/~pebenito/refresh_policy.sh |
34 |
|
35 |
-- |
36 |
Chris PeBenito |
37 |
<pebenito@g.o> |
38 |
Developer, |
39 |
Hardened Gentoo Linux |
40 |
|
41 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
42 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |