On Wed, Feb 15, 2006 at 09:44:53AM -0500, Stephen Smalley wrote: > On Wed, 2006-02-15 at 09:33 -0500, Chuck Anderson wrote: > > On Wed, Feb 15, 2006 at 09:01:32AM -0500, Stephen Smalley wrote: > > > Yes, running restorecon on /home by root considered harmful, > > > > What is a safe way to run restorecon on /home? Should I su to each > > user and do their home directory separately from all others? > > The real question is why do you need to do it? If the labels are set up > properly on installation and when the user's account is first created, > then you shouldn't need to do it subsequently, and the user can run > restorecon themselves on their own home directory if they encounter > issues. su has its own issues irrespective of SELinux; never su to an > untrusted account. Restores from backup. Until our backup utility supports extended attributes, we will have to use restorecon so at least the default labels are set up properly. Also, assuming we do backup extended attributes, will this problem still exist when restoring them from backup? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
