On Wed, 2006-02-15 at 09:50 -0500, Chuck Anderson wrote: > Restores from backup. Until our backup utility supports extended > attributes, we will have to use restorecon so at least the default > labels are set up properly. In the file restoration case, you are re-creating files under /home, so they won't be hard links to system files, and presumably the user isn't allowed to login while you are restoring his home directory, so he can't create any links during that process. > Also, assuming we do backup extended attributes, will this problem > still exist when restoring them from backup? You won't have to run restorecon in that case, and the restore utility presumably would just set the attributes as it creates each file, so likely not. But remember that targeted policy doesn't confine users, only specific programs/daemons, so if you are using it, you aren't relying on SELinux to counter malicious users at all, so this is no different. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
