-----BEGIN PGP SIGNED MESSAGE-----
Aleksander Adamowski wrote:
> Aleksander Adamowski wrote:
>> I've figured out that indeed my unloading of unconfined.pp was causing
>> the problem with loading the base policy. However, copying
>> /usr/share/selinux/targeted/unconfined.pp manually to
>> /etc/selinux/targeted/modules/active/modules has allowed me to load
>> the new base.pp.
> The problem with the solution is that now I cannot "semodule -r
> unconfined" like Dan has advised for Fedora 8.
> On Fedora 9 this results in this error:
> # semodule -r unconfined
> libsepol.context_from_record: type samba_unconfined_script_exec_t is not
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
bject_r:samba_unconfined_script_exec_t:s 0 to sid
> invalid context system_u
> Has the procedure of removing the "unconfined" module been superseded by
> something else in Fedora 9?
> BTW, this is probably a question to Dan: is there any single place with
> documentation about all the changes in the SELinux policy and procedures
> relating to its customisation between Fedora releases? There is no such
> information in Fedora's release notes (where any sane being would look
> for them first).
> Currently with each Fedora Release there are numerous changes that break
> backward compatibility and significantly change the customisation
> procedures. However, I were able to find information about them only by
> scraping them from all around the web - from interviews with Dan Walsh,
> his LiveJournal blog, some random mailing list discussions,
> half-finished Fedora Wiki pages and so on. Am I missing something?
> Is there a place where comprehensive documentation for all this lies?
I am fixing this in policy so you can remove the unconfined_domain.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
fedora-selinux-list mailing list