Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Policy Store Migration
In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy module store was moved from
/var/lib/selinux/<store>/. Once the libraries are upgraded, all policy stores must be migrated before any commands that modify or use the store (e.g. semodule, semanage) can be executed.
A script was developed to aid this migration, installed to
/usr/libexec/selinux/semanage_migrate_store by default. This script will copy all necessary module information to the new store location. Once migrated, if the
<store> is the default store, the script will attempt to rebuild and install the store. This rebuild can be disabled with the
-n option. Additionally, by default the script will not remove files from the old store. However, if the
-c option is given, the old module store will be deleted after migration.
In addition to the existing policy modules, the list of files migrated includes:
Note that the script can be executed multiple times without error. However, once a store is migrated to the new location, running the script again will skip the old store.
# /usr/libexec/selinux/semanage_migrate_store Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active Attempting to rebuild policy from /var/lib/selinux