On Fri, 2004-02-27 at 15:34, John Ellson wrote:
> Do I do that before or after rebooting with selinux enabled?

It should work even with selinux=0, as the xattr handlers will still be present in the kernel. The only issue is that a file might get left unlabeled if it is created after the 'make relabel' would have touched it but before you've rebooted with selinux enabled, e.g. files that get created on shutdown. I think that Dan may have plans to catch common cases of that situation using restorecon in init scripts, but I'm not sure.

> If after, do I log in as a conventional root user, or do I need a
> different login procedure?

You'll also need to be in the sysadm_r role. Login should prompt you for a context, and you can also login as a regular user and then su as usual (su should also prompt for a context).

> What are "corresponding rpm file contexts state" ? What should I
> look for?

rpm is now aware of file security contexts, so I'm not sure if the rpm database needs to be rebuilt if you run with selinux=0 for a while (and install some rpms on that non-SELinux system) and then later enable SELinux. Jeff?

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency