Hmm, what does this mean?

[root@hoho2 root]# find / -context 'null' -print
find: Error: invalid predicate -context: the kernel is not selinux-enabled.
[root@hoho2 root]# od -c /selinux/enforce
0000000   0
0000001
[root@hoho2 root]#

The boot param was set to 'selinux=1 enforcing=0' and I have lots of
good-looking SELinux lines in the /var/log/messages.1 file:

[root@hoho2 log]# grep SELinux messages.1
...
May 30 00:09:17 hoho2 kernel: SELinux: Initializing.
May 30 00:09:17 hoho2 kernel: SELinux: Starting in permissive mode
May 30 00:09:18 hoho2 kernel: SELinux: Registering netfilter hooks
[root@hoho2 log]# date
Sun May 30 15:46:43 CDT 2004
[root@hoho2 log]# uptime
 15:46:45 up 15:38, 3 users, load average: 0.00, 0.00, 0.00
[root@hoho2 log]#

[root@hoho2 root]# cat /proc/version
Linux version 2.6.6-1.397smp (bhcompile@xxxxxxxxxxxxxxxxxxxxxxx) (gcc version 3.
3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Fri May 28 11:34:11 EDT 2004
[root@hoho2 root]#

BobG

On Sun, 30 May 2004 11:11:52 -0700, Tom London wrote:

>I used the following to find files that are not labeled:
>
>   find / -context 'null' -print 2>&1 | grep 'No data available'
>
>This prints out error messages of the form:
>   getfilecon(/var/spool/cron/mailman): No data available
>   getfilecon(/var/spool/at/.SEQ): No data available
>   getfilecon(/initrd): No data available
>   getfilecon(/initrd/sys): No data available
>   getfilecon(/initrd/sbin): No data available
>   getfilecon(/initrd/linuxrc): No data available
>etc.
>
>Is there a better/proper way of doing this? (If not, perhaps I'll write
>one...)
>
>The situation comes up when converting a system to SELinux, or if you
>accidentally boot up an SELinux system in 'disabled' mode.
>
>I understand it's 'safer' to run 'fixfiles relabel', but some vestigial
>unlabeled files seem to remain...
>
>Thanks,
>   tom
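
Added example, not part of the original thread and not code from either poster: one way to list unlabeled files without scraping find's error output. It reads the security.selinux extended attribute (the one getfilecon() queries) and treats ENODATA, the errno behind "No data available", as "unlabeled". The names classify and find_unlabeled are hypothetical, and the injectable getxattr parameter is an assumption added so the logic can be exercised on any machine.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"  # attribute getfilecon() reads


def classify(path, getxattr=None):
    """Return 'labeled', 'unlabeled', 'unsupported' or 'error:<ERRNO>'."""
    getxattr = getxattr or os.getxattr  # os.getxattr is Linux-only
    try:
        # follow_symlinks=False: inspect the link itself, like lgetfilecon()
        getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.ENODATA:   # "No data available": no label stored
            return "unlabeled"
        if exc.errno == errno.ENOTSUP:   # filesystem cannot store xattrs
            return "unsupported"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "labeled"


def find_unlabeled(root, getxattr=None, one_filesystem=True):
    """Yield (path, status) for every entry under root that is not labeled."""
    root_dev = os.lstat(root).st_dev
    status = classify(root, getxattr)
    if status != "labeled":
        yield root, status
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            status = classify(path, getxattr)
            if status != "labeled":
                yield path, status
        if one_filesystem:
            # Prune mount points so /proc, /sys and network mounts are skipped.
            dirnames[:] = [d for d in dirnames
                           if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]


if __name__ == "__main__":
    top = sys.argv[1] if len(sys.argv) > 1 else "/"
    for path, status in find_unlabeled(top):
        print(f"{status}\t{path}")
```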