Hold on actually...
It rebooted with the same standard policy and not with the MCS policy.
Hmmm... This problem is persisting ! What should I do ?
Guido
On Mon, 2010-01-25 at 23:34 +0100, Guido Trentalancia wrote:
> Hold on actually...
>
> It rebooted with the same standard policy and not with the MCS policy.
>
> Hmmm... This problem is persisting ! What should I do ?
Yes, that makes sense - when libsemanage couldn't load the MCS policy,
it rolled back to the previous one.
What you need to do is to install the MCS policy to a different policy
store (change NAME= in build.conf), then change your /etc/selinux/config
to point to that store, then reboot.
--
Stephen Smalley
National Security Agency
On Tue, 2010-01-26 at 08:40 -0500, Stephen Smalley wrote:
> On Mon, 2010-01-25 at 23:34 +0100, Guido Trentalancia wrote:
> > Hold on actually...
> >
> > It rebooted with the same standard policy and not with the MCS policy.
> >
> > Hmmm... This problem is persisting ! What should I do ?
>
> Yes, that makes sense - when libsemanage couldn't load the MCS policy,
> it rolled back to the previous one.
>
> What you need to do is to install the MCS policy to a different policy
> store (change NAME= in build.conf), then change your /etc/selinux/config
> to point to that store, then reboot.
Actually, there may be an easier way: you should be able to pass the -n
option to semodule when installing the MCS policy, and then it won't try
to load it. That should allow it to succeed, at which point you can
reboot.
--
Stephen Smalley
National Security Agency