On Fri, 2008-05-09 at 13:00 -0400, max bianco wrote: > 2008/5/8 David Boles <dgboles@xxxxxxxxx>: > > Mike Burger wrote: > >>> > >>> On Thu, May 08, 2008 at 12:48:56 -0400, > >>> max bianco <maximilianbianco@xxxxxxxxx> wrote: > >>>> > >>>> Do you see any major issues with SELinux when doing these upgrades? By > >>>> major issues I mean something that can't be fixed by relabeling the > >>>> filesystem. I upgraded from 7 to 8 and all went well but I know > >>>> someone recently had an issue with SELinux going from FC5 to F9(if I > >>>> remember correctly)the issue was resolved but apparently it was not > >>>> obvious that SELinux was the problem. > >>> > >>> I just had one going from FC5 to F9 that will probably hit you as well. > >>> The merge of strict and targeted policies changed some things and weren't > >>> handled when doing a yum upgrade directly from FC5 to F9. What happens > >>> is that the login to selinux user mapping and the mappings from selinux > >>> users to such things as prefix, mls default, mls/mcs access and selinux > >>> roles isn't correct. If you have done any local customization in that > >>> area you can just look at what it is on a fresh F9 system and use > >>> semanage > >>> to add the new selinux users and correct the mappings. > >> > >> Makes me glad, more and more, that I turned off selinux. > > > > > > > > Me too!!!! So that when something finally does bite you in the a$$ you can > > blame yourself and not Fedora. ;-) > > > > -- > > > > > > David > > > > I have noticed that there isn't much traffic about SELinux across this > list. I haven't had any major headaches with it but I think learning > how to use it will serve everyone better in the long run rather than > turning it off. If you google for Configuring SELinux Policy, you > should find a few good resources. I found a PDF recently : > > www.nsa.gov/SeLinux/papers/policy2.pdf > > its only about 35 pages or so, i am reading it once through then > going to examine my policy config and see what I can do with it. So > far its cleared up a few question marks for me. Its dated feb of > 2005, if anyone knows of a more current version i'd appreciate the > link. It is fairly out of date. See http://selinuxproject.org/page/User_Resources for various user resources. -- Stephen Smalley National Security Agency -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
