Hi Stephan, I was thinking this was a CERN se policy change and wasn't worrying about it too much (although it's nice to have those things in a rpm package for examples of how to do it.) The actual concern I have is whether this is going to affect the generic S.L., and if it is, what is the correct way to fix it. Troy Stephan Wiesand wrote: > Works for me (updating the packages in %post during installation). > The policy changes are similar to something I'd tried successfully before. > I still get a warning when moving a file from AFS into /tmp (not in the > other direction, this now works). > > Having these changes in 4.2 would be good. > > NB when compared to CIFS: > > type cifs_t, fs_type, root_dir_type, noexattrfile, sysadmfile; > type afs_t, fs_type, root_dir_type, noexattrfile; > > Did I get it right that this will only make a difference under the > strict policy? I have to learn more about SELinux... > > Thanks a lot for the packages, > Stephan > > On Fri, 11 Nov 2005, Jan Iven wrote: > >> On Fri, 2005-11-11 at 15:29 +0100, Stephan Wiesand wrote: >> >>> Hallo Jan, >>> >>>> We are currently testing patched policy files, you may want to >>>> incorporate these. >>> >>> >>> Would you make those available? >> >> >> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/policycoreutils-1.18.1-4.7.cern.i386.rpm >> >> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/selinux-policy-targeted-1.17.30-2.110.cern2.noarch.rpm >> >> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/selinux-policy-targeted-sources-1.17.30-2.110.cern2.noarch.rpm >> >> >> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/SRPMS/policycoreutils-1.18.1-4.7.cern.src.rpm >> >> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/SRPMS/selinux-policy-targeted-1.17.30-2.110.cern2.src.rpm >> >> >> we have proposed the (minimal, just a new fs_type and some safeguards in >> the scripts) patches to Red Hat who hopefully will take them. >> >> Best regards >> jan >> > -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/CSS CSI Group __________________________________________________