Relabelling issue
Bruno Wolff III
bruno at wolff.to
Sun Oct 25 23:23:17 UTC 2009
On Sun, Oct 25, 2009 at 20:37:40 +0000,
Arthur Dent <misc.lists at blueyonder.co.uk> wrote:
>
> Thank you - but I'm not sure I fully understand what you're saying. Do
> you mean that if I had first switched to permissive mode, that those
> errors would not have occurred?
Yes.
> Surely if a particular context is "not valid" there is nothing a relabel
> can do - permissive mode or otherwise? Or have I misunderstood?
It's not that the context is valid, but that you may not have permission
to make the changes.
> My question was really:
> a) How have I ended up with all of those invalid contexts? and
It might be just changes in labels from previous versions of the policy.
Normally the changes get made during updates.
> b) Given that, as far as I can tell, most things seem to work - should I
> be concerned about these error messages?
Having things mislabelled can cause problems. You can either do a full
relabel or use restorecon to fix them. Since you seem to know which ones
did not get relabelled you can do a targetted relabelling with restorecon
instead of checking evry file on your system.
More information about the fedora-selinux-list
mailing list