On Thu, 2004-06-03 at 09:37, park lee wrote: > ON Thu, 27 May 2004 11:07:33 ,Tom London wrote: > > >Following the attached advice, here's what I did: > > 1. Modified /etc/sysconfig/selinux to have 'SELINUX=permissive' > > 2. Rebooted single-user and ran 'fixfiles relabel' > > 3. Rebooted multi-user > > For the 2nd item, I want to ask why you must reboot in single-user? > can't we run 'fixfiles relabel' directly? It is generally safer to run it in single-user mode, both to ensure that you don't have any stray processes still running in the wrong domain (and thus creating files in the wrong types after the relabel) and to avoid problems with the purging of /tmp performed by relabel (as that will kill files on which windowing applications depend). fixfiles restore avoids the purging of /tmp. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
