On Wed, Nov 23, 2016 at 04:59:03PM +0000, Robert Sharp wrote: > > On 23/11/16 15:58, Jason Zaman wrote: > > Either is fine, but im probably just gonna stabilize the 2.6 userspace > > in a couple weeks so that one is likely easier. and setools4 is waaay > > better than 3. The important point is that you dont want to have both > > policy.29 and policy.30 around. Then you get weirdness like if you > > downgrade a kernel or something random it'll load in the old policy > > which probably doesnt work properly, so whichever you pick, make sure > > you nuke the other one. and semodule -B will rebuild the whole policy > > again and load it. > OK - I will go with policy.30 and add the keywords etc. I did a couple > of local policy changes that may not be needed so will they disappear in > all of this or do I need to remove them somehow first?
If they are in the module store tho, then it should just work without needing to reinsert. Ie, if its in /var/lib/selinux/strict/... If you have local changes tho, I'd just rebuild them and semodule -i them again just in case, it cant hurt. -- Jason
