Enabling SELinux (was Re: How to make SELinux in Fedora work?)
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jun 3 18:54:54 UTC 2004
On Thu, 2004-06-03 at 12:29, Park Lee wrote:
> That is ,can we first 'fixfiles relabel' in a non-SELinux kernel. and
> then turn into the SELinux kernel ? Is it safe?
If the kernel has the requisite extended attribute handlers, then you
can set the SELinux attributes using that kernel, even if SELinux itself
is disabled. However, you may still end up with some files that lack
labels, e.g. if any files are created while the relabel is running
(after their directories have already been traversed) or after the
relabel has completed before the system reboots (including any files
created during shutdown). Hence, it is preferable to be running
SELinux.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list