Red Hat Bugzilla – Bug 160516
selinux-policy-targeted-1.17.30-2.88 rpm (update) overwrites changes
Last modified: 2007-11-30 17:07:18 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050328 Fedora/1.7.6-1.2.5
Description of problem:
After installing selinux-policy-targeted-sources, them modifying the squid.te file there to allow squid to bind to port 80 (for use as an accelerator) and to access certain directories it needs to access, I did a 'make', a 'make install' and a 'make load' in the /etc/selinux/targeted/src/policy directory.
When the next RPM update to selinux-policy-targeted and selinux-policy-targeted-sources came along I found my changes overwritten.
Most of the files in the /etc/selinux/targeted/src should be considered configuration files, should they not?
Something similar probably applies to the deployed binary files as well.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install selinux-policy-targeted-sources
2. make changes to the .te file of your choice; then make, make install, make load
3. install RPM updates and watch your changes get overwritten/inactivated
Actual Results: Squid stopped working (because Selinux reverted to its base/default installation setup).
Expected Results: My changes should have been left intact. Basically, some mechanism has to exist that allows binary selinux files to get rebuilt if they source package they depend on is installed and the source files have been changed and deployed.
This will be hard to get right.
Changes should get made to your own te files, not one of the standard ones. So
if you want to make squid changes, create a file domains/misc/local.te and put
your changes their.