selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: RE: [PATCH 13/13] semanage store migration script

RE: [PATCH 13/13] semanage store migration script

From: Joshua Brindle <jbrindle_at_nospam>
Date: Mon Jan 11 2010 - 19:57:10 GMT
To: <jwcart2@tycho.nsa.gov>, "Caleb Case" <ccase@tresys.com>


On 2010-01-11 James Carter wrote:
> On Fri, 2010-01-08 at 16:27 -0500, Caleb Case wrote: <snip>
>>>
>>>
>>> 3) I can't remove the permissive domain created before the migration
>>> because the default priority level is 400, but the script put
>>> everything at priority 100 and I don't know how to change the priority
>>> for semanage.
>> >> semanage hasn't been updated yet to let you specify priorities. >> > I noticed. ;) > So why does the migration script put everything into priority 100 > instead of the default priority? >

priority 100 is for policies distributed by the distro, 400 is default for user actions (eg., running semodule without adding a priority)

I guess we could add some smarts to the migration script to put things like permissive modules and "local.pp" kinds of modules at 400.

or add a list of modules distributed by red hat *shrug*

I'm not sure any of these are good ideas, but they might soften the migration blow. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.