From: sds@tycho.nsa.gov (Stephen Smalley)
Date: Tue, 26 Jan 2010 08:41:44 -0500
Subject: [refpolicy] Building MLS/MCS policy
In-Reply-To: <1264513234.19890.16.camel@moss-pluto.epoch.ncsc.mil>
References: <201001252234.o0PMY10H005610@vivaldi37.register.it>
	<1264513234.19890.16.camel@moss-pluto.epoch.ncsc.mil>
Message-ID: <1264513304.19890.17.camel@moss-pluto.epoch.ncsc.mil>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2010-01-26 at 08:40 -0500, Stephen Smalley wrote:
> On Mon, 2010-01-25 at 23:34 +0100, Guido Trentalancia wrote:
> > Hold on actually...
> > 
> > It rebooted with the same standard policy and not with the MCS policy.
> > 
> > Hmmm... This problem is persisting ! What should I do ?
> 
> Yes, that makes sense - when libsemanage couldn't load the MCS policy,
> it rolled back to the previous one.
> 
> What you need to do is to install the MCS policy to a different policy
> store (change NAME= in build.conf), then change your /etc/selinux/config
> to point to that store, then reboot.

Actually, there may be an easier way:  you should be able to pass the -n
option to semodule when installing the MCS policy, and then it won't try
to load it.  That should allow it to succeed, at which point you can
reboot.

-- 
Stephen Smalley
National Security Agency