removing context

[Brian Krusic]

On Jul 8, 2009, at 12:19 PM, Mike Cloaked wrote:

>
>
>
> Brian Krusic wrote:
>>
>> Hi,
>>
>> When doing an ls -lZ, some files show a security context like;
>>
>> root:object_r:user_home_t:s0
>>
>> ... while some don't.
>>
>> Does any one know how to remove this context either on a file, dir or
>> file system level?
>>
>>
>
> Why do you want to remove them - if selinux is enforcing (as it  
> should be in
> an up to date version of Fedora ) then all files should have a  
> context and
> your best security is when selinux is set up correctly to work with  
> your
> system.  In F10 selinux did have a number of tweaks needed to get it  
> going
> but in F11 it is likely to need very few tweaks.
> -- 
> View this message in context: http://www.nabble.com/removing-context-tp24396015p24397663.html
> Sent from the Fedora SELinux List mailing list archive at Nabble.com.

I'm glad you asked the question.

I have selinux disabled first and foremost.

However the context labels still exist on some files which cause a  
problem doing dump/restore over NFS.

Let me explain;

While dump/restore works over NFS in general, they don't work with  
selinux context so I keep getting errors like;

restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set  
security.selinux:system_u:object_r:etc_t:s0 failed: Operation not  
supported.

And while the dump/restore works and the files get copied, this error  
causes my incremental backs to work as full backups.  Also, this  
muddies my log files which i rely on.  Image half the files on the  
system kicking out this error.

Thanks in advance,
- Brian




>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list