On 31.5.2012 21:44, Daniel J Walsh wrote:
A third option would be to run "restorecon -R -v $HOME" in background in an
profile script the first time you login on a new OS Version. This would seem
to be the least time consuming, but could be subject to race conditions, you
hit the mislabeled file before the restorecon fixes it. This would be better
then what we have now, in that everyone can hit the mislabeled file directory.
I mostly prefer latency on my workstation/latency and waiting for
relabel is PITA. I would rather risk reboot if I ever hit that race
condition (chance is 0.0001%?).
But on (production) server I would not mind waiting for relabeling.
I would propose to relabel in background by default (honestly my mother
does not care about SElinux) and if user knows and care - as sysadmin of
server - he will flip some option in /etc/selinux/config just before
reboot and relabeling will be done in foreground as is done today with
/.autorelabel
Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
