Control: tags -1 moreinfo On Wed, 18 Nov 2015 19:36:51 +0100 Laurent Bigonville <bi...@debian.org> wrote: > Package: release-notes > Severity: normal > User: selinux-devel@lists.alioth.debian.org > Usertags: selinux > > Hi, > > With the new SELinux userspace 2.4, the policy store has moved from > /etc/selinux/<policy_name> to /var/lib/selinux/<policy_name> (the format > of the store has also changed). > > The packages from the refpolicy (selinux-policy-default and > selinux-policy-mls) should be fixed to automatically migrate the the new > store (ATM this still need to be done, see #805492) > > We should probably document how to do the migration for the policies > maintained directly by the users and quickly explain the differences. > > Cheers, > > Laurent Bigonville > > [...]
Hi, This seems like a good idea. Unfortunately, I know next to nothing about this, so I will need some help with writing this. Some bits that would be helpful to me: * What do the admin need to do to perform them migration? * Do we have a reference (to upstream) about why this is happening? * I assume this is only relevant for people who have installed, enabled SELinux AND written their own SELinux policies? - Given most probably doesn't, I will add a note so people know that they can most likely skip the section. - Is the "set sebool" policies also auto-migrated? * Can the admin easily check if they need to do something? - E.g. do we have a one line shell snippet that can reliably say "manual migration needed" ? (It is fine if we can't, it just intended as extra service to the admins) * Anything else worth mentioning? - Can it be done prior to the upgrade? - Must it be performed after upgrade but before reboot? Thanks, ~Niels _______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel