On Wed, May 14, 2014 at 10:06:07PM +0200, Lennart Poettering wrote: > Well, the entirety of /boot should get the same selinux label, which is > perfectly suppported by the vfat kernel support. For whatever reason, the policy on my Raw Hide box locks down System.map more tightly than it does everything else: # semanage fcontext -l | grep ^/boot /boot all files system_u:object_r:boot_t:s0 /boot/.* all files system_u:object_r:boot_t:s0 /boot/System\.map(-.*)? regular file system_u:object_r:system_map_t:s0 /boot/\.journal all files <<None>> /boot/a?quota\.(user|group) regular file system_u:object_r:quota_db_t:s0 /boot/efi(/.*)?/System\.map(-.*)? regular file system_u:object_r:system_map_t:s0 /boot/lost\+found directory system_u:object_r:lost_found_t:s0 /boot/lost\+found/.* all files <<None>> Cheers, Nalin -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
