livecd-creator + selinux
Eric Paris
eparis at redhat.com
Thu May 15 21:20:27 UTC 2008
On Thu, 2008-05-15 at 16:47 -0400, Stephen Smalley wrote:
> On Thu, 2008-05-15 at 16:33 -0400, Eric Paris wrote:
> > #4 At the end of the rpm transaction when everything is installed it
> > calls restorecon and I get one for (I assume) every file almost all of
> > which look like:
> >
> > /sbin/restorecon reset /srv context system_u:object_r:var_t:s0->system_u:object_r:var_t:s0
> >
> > Notice nothing changed? Again I assume its my hack of a /selinux which
> > causes it and I'll try to run down why, but maybe someone else sees that
> > quickly.
>
> That suggests it is being called with the -f (force) flag from
> e.g. /sbin/fixfiles. selinux-policy.spec does a
> fixfiles -C file_contexts.pre restore
>
> fixfiles -C does a diff between the old and new file contexts
> configurations and applies restorecon to the result. There is some
> serious magic in there, and it is all Dan's fault ;)
ok, in the livecd-creator kickstart.py I see
if os.path.exists(self.path("/sbin/restorecon")):
self.call(["/sbin/restorecon", "-l", "-v", "-r", "-F", "-e", "/proc", "-e", "/sys", "-e", "/dev", "-e", "/selinux", "/"])
So there is our -F. Is there a way to get it to fix "user" without
getting it to fix "things that aren't wrong"
-Eric
More information about the fedora-selinux-list
mailing list