On Mon, 2005-01-17 at 09:44, Chris Adams wrote: > Once upon a time, Sean Middleditch <elanthis@xxxxxxxxxxxxxxx> said: > > Besides, changing them in Nautilus *WILL* break the system, because the > > second a package upgrade for selinux policies comes in and restorecon is > > run all of their customized settings will be erased. > > Does that reset every context on the system, including on non-RPM files? > If so, that's going to be highly confusing to both users and system > administrators. What is the point of even having the chcon command if > everything will be reset to some config file contents at arbitrary > times? Just load the config file into the kernel and use it directly. Policy updates do NOT relabel by default. And if properly handled, only selective relabeling should ever be necessary. Full filesystem relabel should only occur at install time or upon major policy changes (e.g. switching between targeted and strict policies). The on-disk attributes are authoritative; the file_contexts configuration is merely for initialization at install time. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
