FW: selinux enforcing
Richard Hally
rhally at mindspring.com
Fri Mar 26 20:27:23 UTC 2004

-----Original Message-----
From: fedora-selinux-list-bounces at redhat.com
[mailto:fedora-selinux-list-bounces at redhat.com]On Behalf Of Stephen Smalley
Sent: Friday, March 26, 2004 9:01 AM
To: Fedora SELinux support list for users & developers.
Subject: Re: FW: selinux enforcing

On Fri, 2004-03-26 at 02:43, Richard Hally wrote:
> Once you have installed the policy and policy-sources and done
> "make reload" in /etc/security/selinux/src/policy you must also do
> "make relabel" (it can take a while) to label all the files correctly.

The 'make relabel' shouldn't be necessary if you do a clean install, as
rpm knows to set the file contexts now, right? Only necessary if you
are upgrading an existing system to FC2 devel and need to retroactively
apply the labels.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
--

I only do the "make relabel" after installing an updated policy to
regression test the relabel and in case there have been changes to the
file_contexts provided in the update. The other possible "wrong context"
situation may be from running in permissive mode where something that would
not happen in enforcing mode was allowed to happen and a file received an
incorrect context.
Am I on the right track or "do I need a visit from the clue stick"?
Richard Hally