/sbin/restorecon and hard links
Chuck Anderson
cra at WPI.EDU
Wed Feb 15 14:50:47 UTC 2006
On Wed, Feb 15, 2006 at 09:44:53AM -0500, Stephen Smalley wrote:
> On Wed, 2006-02-15 at 09:33 -0500, Chuck Anderson wrote:
> > On Wed, Feb 15, 2006 at 09:01:32AM -0500, Stephen Smalley wrote:
> > > Yes, running restorecon on /home by root considered harmful,
> >
> > What is a safe way to run restorecon on /home? Should I su to each
> > user and do their home directory separately from all others?
>
> The real question is why do you need to do it? If the labels are set up
> properly on installation and when the user's account is first created,
> then you shouldn't need to do it subsequently, and the user can run
> restorecon themselves on their own home directory if they encounter
> issues. su has its own issues irrespective of SELinux; never su to an
> untrusted account.
Restores from backup. Until our backup utility supports extended
attributes, we will have to use restorecon so at least the default
labels are set up properly.
Also, assuming we do backup extended attributes, will this problem
still exist when restoring them from backup?
More information about the fedora-selinux-list
mailing list