[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora Core 4



On Mon, 2005-01-17 at 09:44, Chris Adams wrote:
> Once upon a time, Sean Middleditch <elanthis awesomeplay com> said:
> > Besides, changing them in Nautilus *WILL* break the system, because the
> > second a package upgrade for selinux policies comes in and restorecon is
> > run all of their customized settings will be erased.
> 
> Does that reset every context on the system, including on non-RPM files?
> If so, that's going to be highly confusing to both users and system
> administrators.  What is the point of even having the chcon command if
> everything will be reset to some config file contents at arbitrary
> times?  Just load the config file into the kernel and use it directly.

Policy updates do NOT relabel by default.  And if properly handled, only
selective relabeling should ever be necessary.  Full filesystem relabel
should only occur at install time or upon major policy changes (e.g.
switching between targeted and strict policies).  The on-disk attributes
are authoritative; the file_contexts configuration is merely for
initialization at install time.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]