Fedora Core 4

Stephen Smalley sds at epoch.ncsc.mil
Tue Jan 18 12:23:45 UTC 2005


On Mon, 2005-01-17 at 09:44, Chris Adams wrote:
> Once upon a time, Sean Middleditch <elanthis at awesomeplay.com> said:
> > Besides, changing them in Nautilus *WILL* break the system, because the
> > second a package upgrade for selinux policies comes in and restorecon is
> > run all of their customized settings will be erased.
> 
> Does that reset every context on the system, including on non-RPM files?
> If so, that's going to be highly confusing to both users and system
> administrators.  What is the point of even having the chcon command if
> everything will be reset to some config file contents at arbitrary
> times?  Just load the config file into the kernel and use it directly.

Policy updates do NOT relabel by default.  And if properly handled, only
selective relabeling should ever be necessary.  Full filesystem relabel
should only occur at install time or upon major policy changes (e.g.
switching between targeted and strict policies).  The on-disk attributes
are authoritative; the file_contexts configuration is merely for
initialization at install time.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
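
The distinction drawn in the message above, sketched as an added example that is not part of the original post: on-disk labels stay as they are when the policy's file_contexts entries change, and only a relabel (selective or full) rewrites them. The policies, paths and labels are constructed, the function names are hypothetical, and matching is simplified to "last matching entry wins".

```python
import re

# Constructed, simplified file_contexts-style entries (not a real policy file).
OLD_POLICY = """
/.*                 system_u:object_r:default_t
/etc(/.*)?          system_u:object_r:etc_t
/var/www(/.*)?      system_u:object_r:httpd_sys_content_t
"""
# Constructed "policy update": one new entry for CGI scripts.
NEW_POLICY = OLD_POLICY + "/var/www/cgi-bin(/.*)?  system_u:object_r:httpd_sys_script_exec_t\n"

# Constructed on-disk labels (what the security.selinux xattr would hold).
ON_DISK = {
    "/etc/motd": "system_u:object_r:etc_t",
    "/var/www/cgi-bin/app.cgi": "system_u:object_r:httpd_sys_content_t",
    # Customized by an administrator with chcon; the default here is default_t.
    "/srv/site/index.html": "system_u:object_r:httpd_sys_content_t",
}

def parse_specs(text):
    """Parse 'regex context' lines into (compiled regex, context) pairs."""
    specs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, context = line.split()
            specs.append((re.compile(pattern), context))
    return specs

def default_context(path, specs):
    """Default label for path. Simplification: the last matching entry wins."""
    matches = [context for regex, context in specs if regex.fullmatch(path)]
    return matches[-1] if matches else None

def relabel_preview(on_disk, specs, prefix="/"):
    """Map path -> (current, default) for files under prefix a relabel would rewrite."""
    root = prefix.rstrip("/") + "/"
    changes = {}
    for path, current in on_disk.items():
        expected = default_context(path, specs)
        if path.startswith(root) and expected not in (None, current):
            changes[path] = (current, expected)
    return changes

def relabel(on_disk, specs, prefix="/"):
    """Return a copy of on_disk with defaults applied under prefix only."""
    updated = dict(on_disk)
    updated.update({p: new for p, (_, new) in relabel_preview(on_disk, specs, prefix).items()})
    return updated
```

Previewing with `prefix="/var/www"` after the constructed update lists only the CGI script, while `prefix="/"` also lists the chcon-customized file under `/srv/site`, which is why a full relabel is the case that discards local changes.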




More information about the fedora-devel-list mailing list