On Thu, 2004-06-03 at 13:11, Park Lee wrote: > Then, what are those means? > Does they mean that relabel can work in a non-SELinux kernel? I suspect that his unofficial FAQ is referring to situations where you can no longer boot a SELinux kernel and need to perform emergency recovery. In such a case, you could boot a non-SELinux kernel that has the extended attribute handlers and relabel your filesystems to deal with most files, although there is still the potential for some unlabeled/mislabeled files as I mentioned due to file creation on that kernel. Also, those particular answers in his FAQ may have been based on the older SELinux, before the move to using the Linux xattr support, where you could relabel on any vanilla kernel since the labels were stored in the persistent label mapping. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
