On Mon, Aug 06, 2007 at 09:43:17AM -0500, Manoj Srivastava wrote: > So, if you want strict policy, you need to install it, label the > file system, and manually switch to it, using the /etc/selinux/config > manually.
Doing it in that order doesn't really work. You first need to switch the policy and then relabel it. I did first relabel it while it was still set to targetted policy. I assumed it loaded the strict policy, but it wasn't. Since I didn't actually have the targetted policy installed, there wasn't any policy loaded at all, and it decided to label everything to be in the kernel context. > Secondly, since that file is a configuration file, it is not easy for > packages to just go and edit it. It doesn't seem to be a config file to dpkg. I have no idea which package made that file. I would have filed the bug against that package if I did. In any case, a debconf question asking about which of the policies you want to use and don't prompt if you only have 1 of them installed would be nice. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
