> restorecon doesn't rely on having policy sources > (selinux-policy-targeted-sources) installed. It uses the installed > file_contexts configuration created by the policy > (selinux-policy-targeted) package. That lives > under /etc/selinux/targeted/contexts/files. Aha, I think the O'Reilly book is just out of date. Not surprising considering the moving target that is SELinux. > SELinux utilities don't rely on having the policy sources available, > as you likely don't want them on production systems. make relabel is > really only for developers, and hardly used at all anymore (it > predates having fixfiles and restorecon). Actually I am developing here. My problem is that I have a huge chroot directory (basically a full duplicate of the whole system) and I want to get everything in there labeled as if it was outside chroot. To do this I duplicated file_contexts/types.fc and used sed to prepend the chroot directory to every line. It seems to work pretty well, but I'm still having trouble getting the user home directories inside chroot labeled properly. The homedirs macros and files are apparently throwing me. I'd appreciate any suggestions on a better way to label the chroot filesystem. And any ideas on how to get those chrooted homedirs labeled correctly. Stephen Brueckner, ATC-NY -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list