On Thu, 2007-05-10 at 11:49 -0400, Karl MacMillan wrote: > [CC'd the selinux development list so that the developers are aware of > these issues] > > On Thu, 2007-05-10 at 16:50 +0200, Till Maas wrote: > > On Do Mai 10 2007, Karl MacMillan wrote: > > > > > When selinux is turned on again a full relabel of the filesystem is done > > > to correct these problems. If the custom file context wasn't added to > > > the database of file contexts (via a module or semanage) the file is set > > > to the default label. > > > > So will chcon in a scriptlet work, when an rpm is installed while selinux is > > not active? > > > > Unfortunately it won't - does semanage / semodule work in this instance > (it probably should so that users can turn selinux back on after > disabling and doing package management). semodule works with selinux disabled (it won't load the resulting policy naturally, but it manipulates the policy store and regenerates the policy files appropriately, so they would be used when selinux is next enabled, and a relabel would happen at that time). semanage has some dependencies on libselinux (e.g. is_selinux_mls_enabled, security_check_context) that should be converted to using libsemanage or libsepol interfaces, and then there is the separate issue of the context translation support. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
