selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: RE: [PATCH 13/13] semanage store migration script

RE: [PATCH 13/13] semanage store migration script

From: Joshua Brindle <jbrindle_at_nospam>
Date: Mon Jan 11 2010 - 19:57:10 GMT
To: <>, "Caleb Case" <>

On 2010-01-11 James Carter wrote:
> On Fri, 2010-01-08 at 16:27 -0500, Caleb Case wrote: <snip>
>>> 3) I can't remove the permissive domain created before the migration
>>> because the default priority level is 400, but the script put
>>> everything at priority 100 and I don't know how to change the priority
>>> for semanage.
>> >> semanage hasn't been updated yet to let you specify priorities. >> > I noticed. ;) > So why does the migration script put everything into priority 100 > instead of the default priority? >

priority 100 is for policies distributed by the distro, 400 is default for user actions (eg., running semodule without adding a priority)

I guess we could add some smarts to the migration script to put things like permissive modules and "local.pp" kinds of modules at 400.

or add a list of modules distributed by red hat *shrug*

I'm not sure any of these are good ideas, but they might soften the migration blow. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.