Can not access files in own home directory

Russell Coker russell at coker.com.au
Sun Aug 1 07:39:30 UTC 2004


On Sat, 31 Jul 2004 05:22, Karsten Wade <kwade at redhat.com> wrote:
> On Thu, 2004-06-10 at 06:44, Daniel J Walsh wrote:
> > After running fixfiles relabel you should always reboot in order to
> > start programs under the right context.  If you do this in level 5 there
> > is a chance the applications will write files out with bad context after
> > the relabel, before the reboot.
>
> Is it sufficient to do this in run level 3?  So far it's worked for me,
> but is it risky?

As has been mentioned 3 is equivalent to 5 for such things.

If the machine booted in enforcing mode and was never in permissive mode then 
the number of programs which could be in the wrong domain and which could 
create files with the wrong context on shutdown is small.

If you are running in permissive mode with bad labelling then it's quite 
likely that programs are in the wrong domain but the only real problem 
is /etc/mtab which will have restorecon run on it at boot time.

If you change from targeted to strict policy then you can have user processes 
running in the wrong context.  In my lab on writing SE Linux policy at the 
IBM Technical University the students had a problem because they were using 
OpenOffice to read the lab notes (didn't have time to get them printed) and 
when running in unconfined_t OO had created a socket in /tmp which it 
couldn't access after rebooting in enforcing mode with strict policy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


