-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/30/2012 09:34 AM, Frank Murphy wrote:
> On 30/01/12 14:28, Daniel J Walsh wrote:
>>>
>> Yes grep autorelabel /usr/lib/dracut/modules.d/30usrmove/*
>> /usr/lib/dracut/modules.d/30usrmove/usrmove-convert.sh:echo "Set
>> autorelabel flag."
>> /usr/lib/dracut/modules.d/30usrmove/usrmove-convert.sh:>
>> "$ROOT/.autorelabel"
>
> What about on an already done box. Anything to be aware of?
>
>
Doubt it. It looks like the only things that need to be relabled are
the symlinks /sbin, /bin, /lib, /lib64, best if we did this with
setfiles. /etc/ld.so.cache seems to need a label also.
Here is a patch that I think we should consider, which would eliminate
the relabel, if it works...
Sadly I updated my machine with a previous version of this script and
the script broke. If anyone has a good test environment, that could
try it out, would be great.
Theoretically if this patch works, you would not need to disable
SELinux at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8m8DoACgkQrlYvE4MpobO1wACeNjHDlNpntQeu42hprMUIc41y
0L8An1weo4Qt/Ayfce1szzeXC9Qs/03M
=YuXP
-----END PGP SIGNATURE-----
156,157c156,164
< echo "Set autorelabel flag."
< > "$ROOT/.autorelabel"
---
>
> . $ROOT/etc/selinux/config
> if [ "$SELINUX" != "disabled" ]; then
> echo "Fixing SELinux lables"
> if [ "$SELINUX" != "disabled" ]; then
> echo "Fixing SELinux lables"
> /usr/sbin/setfiles -r $ROOT -p /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts $ROOT/sbin $ROOT/bin $ROOT/lib $ROOT/lib64 $ROOT/usr/lib $ROOT/usr/lib64 $ROOT/etc/ld.so.cache $ROOT/var/cache/ldconfig
> fi
> fi
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
