On Thu, May 31, 2012 at 9:44 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> A third option would be to run "restorecon -R -v $HOME" in background in an
> profile script the first time you login on a new OS Version. This would seem
> to be the least time consuming, but could be subject to race conditions, you
> hit the mislabeled file before the restorecon fixes it. This would be better
> then what we have now, in that everyone can hit the mislabeled file directory.
It would also turn labeling problems into heisenbugs that are
impossible to reproduce or diagnose, supporting the impression that
"SELinux breaks systems" and "it is difficult to understand SELinux".
Would it be possible to keep restorecond running on the systems
updated from older releases, and have it disabled by default on fresh
installs? (If I understand correctly, this already affects F17, so it
is too late...)
Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
