Can not access files in own home directory
Russell Coker
russell at coker.com.au
Sun Aug 1 07:39:30 UTC 2004
On Sat, 31 Jul 2004 05:22, Karsten Wade <kwade at redhat.com> wrote:
> On Thu, 2004-06-10 at 06:44, Daniel J Walsh wrote:
> > After running fixfiles relabel you should always reboot in order to
> > start programs under the right context. If you do this in level 5 there
> > is a chance the applications will write files out with bad context after
> > the relabel, before the reboot.
>
> Is it sufficient to do this in run level 3? So far it's worked for me,
> but is it risky?
As has been mentioned, 3 is equivalent to 5 for such things.

If the machine booted in enforcing mode and was never in permissive mode then
the number of programs which could be in the wrong domain and which could
create files with the wrong context on shutdown is small.

If you are running in permissive mode with bad labelling then it's quite
likely that programs are in the wrong domain but the only real problem
is /etc/mtab which will have restorecon run on it at boot time.

If you change from targeted to strict policy then you can have user processes
running in the wrong context. In my lab on writing SE Linux policy at the
IBM Technical University the students had a problem because they were using
OpenOffice to read the lab notes (didn't have time to get them printed) and
when running in unconfined_t OO had created a socket in /tmp which it
couldn't access after rebooting in enforcing mode with strict policy.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page