up2date, Large Medium and small updates....
Stephen C. Tweedie
sct at redhat.com
Wed Mar 10 11:12:54 UTC 2004
Hi,
On Wed, 2004-03-10 at 08:03, Russell Coker wrote:
> > Is it necessary/useful to do stuff like this before or after a reboot?
> > Is there a difference from vanilla in how promptly a reboot and other
> > housecleaning for SELinux is needed? i.e. will audit go nuts...
>
> In general use there should not be any need for a relabel except after severe
> file system corruption, a backup/restore with non-XATTR aware backup
> software, or booting a non-SE Linux kernel.
In practice I find my own SELinux test box becomes unbootable if I work
with `setenforce 0` for any length of time, and it takes a relabel to
fix things. The main breakage seems to be that at boot time, e2fsck
can't access the glibc gconv modules list.
I've changed my relabel scripts so next time it happens, I'll do a
setfiles -v and record exactly what inodes are mislabelled.
Cheers,
Stephen
More information about the fedora-selinux-list
mailing list