[refpolicy] Building MLS/MCS policy
Stephen Smalley
sds at tycho.nsa.gov
Tue Jan 26 07:41:44 CST 2010
On Tue, 2010-01-26 at 08:40 -0500, Stephen Smalley wrote:
> On Mon, 2010-01-25 at 23:34 +0100, Guido Trentalancia wrote:
> > Hold on actually...
> >
> > It rebooted with the same standard policy and not with the MCS policy.
> >
> > Hmmm... This problem is persisting ! What should I do ?
>
> Yes, that makes sense - when libsemanage couldn't load the MCS policy,
> it rolled back to the previous one.
>
> What you need to do is to install the MCS policy to a different policy
> store (change NAME= in build.conf), then change your /etc/selinux/config
> to point to that store, then reboot.
Actually, there may be an easier way: you should be able to pass the -n
option to semodule when installing the MCS policy, and then it won't try
to load it. That should allow it to succeed, at which point you can
reboot.
--
Stephen Smalley
National Security Agency
More information about the refpolicy
mailing list