FW: selinux enforcing
Gene Czarcinski
gene at czarc.net
Fri Mar 26 20:54:50 UTC 2004
On Friday 26 March 2004 15:45, Stephen Smalley wrote:
> On Fri, 2004-03-26 at 15:27, Richard Hally wrote:
> > I only do the "make relabel" after installing an updated policy to
> > regression test the relabel and in case there have been changes to the
> > file_contexts provided in the update. The other possible "wrong context"
> > situation may be from running in permissive mode where something that
> > would not happen in enforcing mode was allowed to happen and a file
> > received an incorrect context.
> > Am I on the right track or "do I need a visit from the clue stick"?
>
> No, that's right. I was just noting that a clean install of fc2 devel
> with selinux should set the file contexts initially for you, without
> requiring an initial make relabel, since rpm knows about security
> contexts now. I'm not 100% certain of that; I suppose a 'make
> checklabels' after a clean install would be prudent.
OK, I just had something a bit strange happen ...
I updated some of the packages on my x86_64 system including policy and
policy-sources (to 1.9-15). I then rebooted. Oops .. things were a bit
stange such as my admin id (defined in users) could not find the its home
directory. Login as root and ran "make reload" and "make relabel" and then
reboot again. This time things work as expected.
>From the above, this should not be happening ... right?
Gene
More information about the fedora-selinux-list
mailing list