| 1 |
On Wed, Nov 23, 2016 at 04:59:03PM +0000, Robert Sharp wrote: |
| 2 |
> |
| 3 |
> On 23/11/16 15:58, Jason Zaman wrote: |
| 4 |
> > Either is fine, but im probably just gonna stabilize the 2.6 userspace |
| 5 |
> > in a couple weeks so that one is likely easier. and setools4 is waaay |
| 6 |
> > better than 3. The important point is that you dont want to have both |
| 7 |
> > policy.29 and policy.30 around. Then you get weirdness like if you |
| 8 |
> > downgrade a kernel or something random it'll load in the old policy |
| 9 |
> > which probably doesnt work properly, so whichever you pick, make sure |
| 10 |
> > you nuke the other one. and semodule -B will rebuild the whole policy |
| 11 |
> > again and load it. |
| 12 |
> OK - I will go with policy.30 and add the keywords etc. I did a couple |
| 13 |
> of local policy changes that may not be needed so will they disappear in |
| 14 |
> all of this or do I need to remove them somehow first? |
| 15 |
|
| 16 |
If they are in the module store tho, then it should just work without |
| 17 |
needing to reinsert. Ie, if its in /var/lib/selinux/strict/... |
| 18 |
If you have local changes tho, I'd just rebuild them and semodule -i them |
| 19 |
again just in case, it cant hurt. |
| 20 |
|
| 21 |
-- Jason |
Archives