Selinux - touch /.autorelabel before shutting down
Russell Coker
russell at coker.com.au
Fri Sep 9 04:45:30 UTC 2005
On Thursday 08 September 2005 23:52, Jim Cornette
<fct-cornette at insight.rr.com> wrote:
> After updating from today's rawhide, my computer stopped at "detecting
> hardware". Hitting ctl-c would pass that, but the system was stuck in
> readonly. To get the system to boot, I had to add selinux=0 as a boot
> option.

It would be handy to know which file or files were mis-labeled. It's possible
that your system use has revealed a bug, but if so probably your use of
selinux=0 has destroyed the evidence.

> I had kids playing games and they "shut off the computer". But, I assume
> they hit the power button, which shuts down the system as poweroff would
> do.

Which is supposed to work (IMHO). I believe that you should be able to press
reset or experience a power failure at any time without any catastrophic loss
of data or any security compromise. Anything which causes a significant data
loss or security compromise related to a power failure should be considered a
serious bug.

Touching /.autorelabel before shutdown would be a really bad idea. A relabel
of all file systems will take at least 5 minutes on all combinations of
hardware and install options that I've seen (it's possible that a combination
of a minimal install and great hardware will take less time). On some
combinations of hardware and installation options a relabel will take 30
minutes or more. It's possible that some non-optimal configurations will
take many hours for a relabel (if you have a huge number of files such as a
file system for Maildir storage then you should use the context= mount option
to avoid this problem).

Also in FC4 and above you can use the kernel boot parameter "autorelabel" to
cause a relabel, so if your machine is messed up and you need to relabel
there is no need to create a file on the file system or boot in permissive
mode. You can just use the GRUB options to edit the boot command line.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
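
Added example, not part of the original post or of Fedora's own scripts: a small shell check that reports the boot-time SELinux settings discussed in this thread (selinux=0, the autorelabel parameter, the /.autorelabel flag file, and context= mounts). The function names, the sample command line, the sample fstab and the SELinux context value in it are constructed assumptions.

```shell
#!/bin/sh
# Added example; all sample inputs below are constructed.

# Report how SELinux will come up for a given kernel command line.
selinux_boot_mode() {
    case " $1 " in
        *" selinux=0 "*)   echo disabled ;;       # files created now get no label
        *" enforcing=0 "*) echo permissive ;;
        *)                 echo config-default ;; # /etc/selinux/config decides
    esac
}

# Report what will trigger a full relabel on the next boot.
# $1 = kernel command line, $2 = root of the file system to inspect
relabel_trigger() {
    case " $1 " in
        *" autorelabel "*) echo boot-parameter; return ;;
    esac
    if [ -e "$2/.autorelabel" ]; then echo flag-file; else echo none; fi
}

# Read fstab text on stdin; print mount points that use context=
context_mounts() {
    awk '!/^[ \t]*#/ && NF >= 4 {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^context=/) { print $2; break }
    }'
}

# Constructed sample inputs (the context value is a placeholder; use the
# type your own policy defines for the mail spool).
SAMPLE_CMDLINE='ro root=LABEL=/ rhgb quiet autorelabel'
SAMPLE_FSTAB='LABEL=/     /                   ext3  defaults  1 1
# /dev/sdc1  /old  ext3  defaults,context=system_u:object_r:mail_spool_t  1 2
/dev/sdb1   /var/spool/maildir  ext3  defaults,context=system_u:object_r:mail_spool_t  1 2'

echo "SELinux mode:    $(selinux_boot_mode "$SAMPLE_CMDLINE")"
echo "Relabel trigger: $(relabel_trigger "$SAMPLE_CMDLINE" /)"
echo "context= mounts: $(printf '%s\n' "$SAMPLE_FSTAB" | context_mounts)"
```

On a live system, pass the contents of /proc/cmdline and /etc/fstab instead of the sample strings.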