On Sun, 2007-04-01 at 10:18 -0400, Chris PeBenito wrote: > On Sun, 2007-04-01 at 10:43 +0200, Marek Wróbel wrote: > > Chris PeBenito wrote: > > > Already fixed, please emerge sync. However you'll likely run into a > > > toolchain bug that was just uncovered this week :( > > > > > > > Could you write any details about this bug before we run into it ? I > > would like to know what to do not to screw my system up. > > Its a bug during the link/expand portion of the final policy building. > This happens when the policy is rebuilt because you insert or remove a > policy module using semodule. It causes install/remove transactions to > fail. I'm not 100% sure what the circumstances are that hits this bug, > but I think it has to do with booleans that are optionally declared in > modules. If you want to just avoid all this, wait until I post that a > fixed toolchain is available before using the 20070329 policies. > Hopefully it should be sometime this week since a patch is in testing.
Libsepol-1.16.2 has been committed. This should fix the policy linking. One thing with the 20070329 policies is that booleans have been moved from the base module out into the individual modules. For example, all of the apache booleans used to be in the base module, but now have been moved back to the apache module. However this means that all of the modules need to be reloaded simultaneously. I made a script [1] which can be placed in your local policy directory (where you built a local.pp if you have one). Run the script from that directory, then both strict and targeted policies should be refreshed. If you don't have any local policy, then it can be ran from anywhere. Make sure that all of the policies from portage are updated to 20070329 otherwise the script will likely fail. [1] http://dev.gentoo.org/~pebenito/refresh_policy.sh -- Chris PeBenito <[EMAIL PROTECTED]> Developer, Hardened Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
signature.asc
Description: This is a digitally signed message part
