Selinux Problems
g
geleem at bellsouth.net
Tue Oct 6 17:11:37 UTC 2009
Bruno Wolff III wrote:
> On Tue, Oct 06, 2009 at 06:31:48 +0000,
> g <geleem at bellsouth.net> wrote:
>> Jim wrote:
>>
>>> Trying to Relabel my Laptop and if I do a "touch / autorelabel" in
>>> permissive mode.
>> what does 'touch /.autorelabel' do? note "/.a"
>
> /.autorelabel is a magic name that is used during the boot process to determine
> whether or not a relabel should be done during the boot process.
>
> The touch command creates the file if it doesn't exist.
of this, i am aware. tho i would call it a *flag*, not a 'magic name'.
be aware that jim shows "touch / autorelabel", which is not same as
*touch /.autorestore*.
granted. he may have made a typo in his post by not showing '.'.
if he left '.' out in his command line, it may be a reason for not
triggering selinux to run a relabel during reboot.
from 'man selinux';
+++
FILE LABELING
All files, directories, devices ... have a security context/label asso-
ciated with them. These context are stored in the extended attributes
of the file system. Problems with SELinux often arise from the file
system being mislabeled. This can be caused by booting the machine with
a non selinux kernel. If you see an error message containing file_t,
that is usually a good indicator that you have a serious problem with
file system labeling.
The best way to relabel the file system is to create the flag file
/.autorelabel and reboot. system-config-securitylevel, also has this
capability. The restorcon/fixfiles commands are also available for
relabeling files.
+++
--
peace out.
tc,hago.
g
.
****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 545 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20091006/a8e32931/attachment-0001.sig>
More information about the fedora-list
mailing list