On Wed, 2007-10-17 at 13:11 +0200, Adam Tkac wrote: > On Mon, Oct 15, 2007 at 11:31:17PM +0200, Karel Zak wrote: > > Couldn't be better to maintain default selinux labels like others > > file attributes? > > > > %attr(4755,root,root) %selinux(foo_t) /bin/foo > > > > I think restorecon is fare more better than this approach. With this you have two databases of file contexts - first is in specfile and second in selinux-policy*. When you use restorecon you have one centralised database. We will discuss if rpm will automaticaly run restorecon on all installed files. Not only that, but a new policy may well change some labels to fix errors, and make the package content obsolete. And even dangerous if the package maintainer forgets to update it and on a yum update you get back the old broken label. Simo. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
