selinux fixfiles context
Sandy Pond
sandy_pond at myrealbox.com
Thu Apr 15 12:27:41 UTC 2004
On Thu, 2004-04-15 at 08:15 -0400, Daniel J Walsh wrote:
> Yes I always relabel in single user mode. A process that is already
> running will not be
> directly affected by a relabel. The file context is only looked at at
> process start. So if
> gnome is running in the wrong context and relabel. gnome will continue
> to write in the
> wrong context, until restart. Most of your problems are probably files
> being created in the /tmp
> directory. As far as the advice of run fixfiles, that is happening way too
> often. When we have this working correctly fixfiles should never need
> to be run (Think of
> it as fsck.) Running in permissive mode is not the same as running in
> enforcing mode. I would
> suggest that you run in enforcing mode all the time. If you run into a
> problem where something
> will not work in enforcing mode, use setenforce 0 run your command and
> run setenforce 1. Then
> grab the AVC messages and submit a bug report.
>
Would be good to add these two points to:
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
More information about the fedora-test-list
mailing list