> This is a cleaner solution, especially if it still does not have to be > redone after O/S upgrades, etc. Otherwise I prefer the simple > rc.local hack. The *only* case when these changes *will* be lost is if you do a relabel on the entire file system (touch /.autorelabel and then reboot) - this will completely relabel your entire file system based on the installed SELinux policy and since this is a "custom" fix the changes you've just made will be lost.
As long as you do not do that it will survive complete OS reinstall as well as shorewall upgrades (it will be lost if you remove shorewall and then install it though), so on that count you are pretty safe. Whether Fedora will fix this I do not know, but I have just finished my own version of the shorewall SELinux policy last night in light of this and have implemented the right context into the policy itself, so once installed even if I do a complete relabel of the file system the changes will stay as they are and nothing will be broken. ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
