relabel after policy update

Daniel J Walsh dwalsh at redhat.com
Tue Aug 4 11:08:47 UTC 2009


On 08/03/2009 10:23 AM, Vadym Chepkov wrote:
> Hi,
> 
> I wonder do I have to relabel system after each policy update, it seems rpm doesn't do a good job:
> 
> # restorecon -vR /usr
> restorecon reset /usr/bin/pyzord context system_u:object_r:spamd_exec_t:s0->system_u:object_r:pyzord_exec_t:s0
> restorecon reset /usr/bin/razor-report context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-admin context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-check context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-client context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-revoke context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/pyzor context system_u:object_r:spamc_exec_t:s0->system_u:object_r:pyzor_exec_t:s0
> 
> 
> Sincerely yours,
>   Vadym Chepkov
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
These are alias in SELinux policy.  restorecon is a little confused in seeing them as different.  So no you should not need to run restorecon, rpm usually runs a minimal one in the post install of selinux-policy update anyways.




More information about the fedora-selinux-list mailing list