FW: selinux enforcing
Stephen Smalley
sds at epoch.ncsc.mil
Fri Mar 26 20:45:58 UTC 2004
On Fri, 2004-03-26 at 15:27, Richard Hally wrote:
> I only do the "make relabel" after installing an updated policy to
> regression test the relabel and in case there have been changes to the
> file_contexts provided in the update. The other possible "wrong context"
> situation may be from running in permissive mode where something that would
> not happen in enforcing mode was allowed to happen and a file received an
> incorrect context.
> Am I on the right track or "do I need a visit from the clue stick"?
No, that's right. I was just noting that a clean install of fc2 devel
with selinux should set the file contexts initially for you, without
requiring an initial make relabel, since rpm knows about security
contexts now. I'm not 100% certain of that; I suppose a 'make
checklabels' after a clean install would be prudent.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list