On Fri, 25 Jun 2004 10:28:57 CDT, Bob Gustafson <bobgus@xxxxxxx> said: > However, looking my output from fixfiles, it seems as though there are > gross changes in policy that are occasionally occuring during this > development phase (object_r -> system_r). > > It would be nice to get some sort of indication that a fixfiles run would > be helpful when these gross changes occur. In the generalized case, how would it know? (I mean, other than the already mentioned 'fixfiles -n -v -o' and look at the logfile and restorecon)? (Personally, I think a nightly cron job that does something like: fixfiles -n -v -o /var/tmp/whatever; mail -s "Incorrect contexts" root < /var/tmp/whatever is The Right Behavior. I owe whoever thought of it a beer :) Right now, *my* single biggest mangler of contexts is all the local and 3rd-party stuff that gets into system directories via 'make install' rather than via RPM (so far this morning, I've already had one package that I did a 'cvs update' and then 'make/make install', and since it supports plugins, the following clean-up relabeled about 30 *.so files to shlib_t.... See above-mentioned Right Behavior, and guess who doesn't always remember to run fixfiles after a 'make install' and needs to be nagged. :)
Attachment:
pgp33gfYT3983.pgp
Description: PGP signature
