Bug 120211 - SELinux FAQ - what is the relationship between policy and policy-sources packages?
SELinux FAQ - what is the relationship between policy and policy-sources pack...
Status: CLOSED CURRENTRELEASE
Product: Fedora Documentation
Classification: Fedora
Component: selinux-faq (Show other bugs)
devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karsten Wade
Tammy Fox
http://people.redhat.com/kwade/fedora...
:
Depends On:
Blocks: 118757
  Show dependency treegraph
 
Reported: 2004-04-06 16:32 EDT by Karsten Wade
Modified: 2007-04-18 13:05 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-08 15:02:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Karsten Wade 2004-04-06 16:32:00 EDT
Description of change/FAQ addition.  If a change, include the original
text first, then the changed text:

http://www.redhat.com/archives/fedora-test-list/2004-April/msg00755.html

## begin quote from message


The policy package has the minimum necessary files defining the selinux 
security policy ... as currently implemented, you always need this
package 
installed.  The policy-sources package contains all of the source
definitions 
(files in /etc/security/selinux/src/*) for creating the files 
/etc/security/selinux/file_contexts and
/etc/security/selinux/policy.<ver> 
where <ver> is the "version number" of the policy ... currently 16.
[Some of 
the recent policy package updates had/have a packaging problem and
installed 
"policy." instead of "policy.16" where screw things up pretty bad
although it 
can be fixed by simply renaming the file.]

If you have a simple system and do not plan to fool with the security
policy 
as currently defined by Red Hat, you need just the policy package.  If
you 
are going to customize your security policy and want to run setools,
then you 
need policy-sources.

Note:  Installing/updating the policy package will load the new policy
after 
it installs the files.

Note: Installing/updating the policy-sources package will rebuild the 
policy.## file and the file_contexts file and loads them (makes them the 
current policy in effect).

Note:  If you have locally modified some of the policy sources, updating 
policy and/or policy-sources can have interesting (but not particularly 
desirable) effects. See 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118604

## 30

Version-Release of FAQ (found on
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ln-legalnotice.html):

 selinux-faq-1.0-4 (2004-04-05-T04:20-0800)
Comment 1 Karsten Wade 2004-04-06 21:22:05 EDT
How does this write-up sound?  I'm going to hold it for 1.0-6, I reckon.

## begin

Q:. What is the relationship between the policy and policy-sources
packages?

A:. The policy package is a requirement for a working SELinux
installation, while policy-sources is required if you want to
customize the default policy.

The policy package has the minimum files necessary for defining the
SELinux security policy. It is kept trimmed down in size to support a
minimal install footprint.

The policy-sources package contains the source definitions in
/etc/security/selinux/src that are required to create the files
/etc/security/selinux/file_contexts and
/etc/security/selinux/policy.<version>. <version> is the version
number of the policy.

Choosing which packages to install is based on the type of
installation. If you are going to use only the default security policy
defined by the Fedora Core developers, you only need the policy
package. If you are to customize your security policy in any way, or
otherwise want to run setools, you need to install policy-sources.

Installing or updating the policy package loads the new policy after
it installs the files. Similarly, installing or updating the
policy-sources package rebuilds the policy.<version> file as well as
the file_contexts file, then loads them as the currently effective
policy. 

## 30
Comment 2 Karsten Wade 2004-04-08 15:02:14 EDT
I'm going to include this in 1.0-6; if there are any problems with my
write-up, please file a new bug report.

Note You need to log in before you can comment on or make changes to this bug.