relabel after policy update
Daniel J Walsh
dwalsh at redhat.com
Tue Aug 4 11:08:47 UTC 2009
On 08/03/2009 10:23 AM, Vadym Chepkov wrote:
> Hi,
>
> I wonder do I have to relabel system after each policy update, it seems rpm doesn't do a good job:
>
> # restorecon -vR /usr
> restorecon reset /usr/bin/pyzord context system_u:object_r:spamd_exec_t:s0->system_u:object_r:pyzord_exec_t:s0
> restorecon reset /usr/bin/razor-report context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-admin context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-check context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-client context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/razor-revoke context system_u:object_r:spamc_exec_t:s0->system_u:object_r:razor_exec_t:s0
> restorecon reset /usr/bin/pyzor context system_u:object_r:spamc_exec_t:s0->system_u:object_r:pyzor_exec_t:s0
>
>
> Sincerely yours,
> Vadym Chepkov
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
These are alias in SELinux policy. restorecon is a little confused in seeing them as different. So no you should not need to run restorecon, rpm usually runs a minimal one in the post install of selinux-policy update anyways.
More information about the fedora-selinux-list
mailing list