livecd-creator + selinux

Eric Paris eparis at redhat.com
Thu May 15 21:20:27 UTC 2008


On Thu, 2008-05-15 at 16:47 -0400, Stephen Smalley wrote:
> On Thu, 2008-05-15 at 16:33 -0400, Eric Paris wrote:
> > #4 At the end of the rpm transaction when everything is installed it
> > calls restorecon and I get one for (I assume) every file almost all of
> > which look like:
> > 
> > /sbin/restorecon reset /srv context system_u:object_r:var_t:s0->system_u:object_r:var_t:s0
> > 
> > Notice nothing changed?  Again I assume its my hack of a /selinux which
> > causes it and I'll try to run down why, but maybe someone else sees that
> > quickly.
> 
> That suggests it is being called with the -f (force) flag from
> e.g. /sbin/fixfiles.  selinux-policy.spec does a
> 	fixfiles -C file_contexts.pre restore
> 
> fixfiles -C does a diff between the old and new file contexts
> configurations and applies restorecon to the result. There is some
> serious magic in there, and it is all Dan's fault ;)

ok, in the livecd-creator kickstart.py I see

        if os.path.exists(self.path("/sbin/restorecon")):
            self.call(["/sbin/restorecon", "-l", "-v", "-r", "-F", "-e", "/proc", "-e", "/sys", "-e", "/dev", "-e", "/selinux", "/"])

So there is our -F.  Is there a way to get it to fix "user" without
getting it to fix "things that aren't wrong"

-Eric




More information about the fedora-selinux-list mailing list