On Tue, 2008-05-20 at 15:33 -0400, Stephen Smalley wrote:
> On Tue, 2008-05-20 at 15:12 -0400, Eric Paris wrote:
> > Making use of the wonderful new deferred selinux context patch set from
> > the kernel I get beautiful messages like:
> >
> > /sbin/restorecon reset /sbin/dump context
> > system_u:object_r:unlabeled_t:s0->system_u:object_r:eparis_exec_t:s0
> >
> > The file wasn't really "unlabeled_t"; it just wasn't a valid label on the
> > host machine. Since restorecon/fixfiles runs over the same files like 3
> > times during a livecd creation this gets rather annoying. Do we have an
> > interface I could use to make restorecon do the right comparison here?
>
> Well, could we instead avoid running restorecon/fixfiles multiple times
> on the same files? And ideally just get rpm to label the files
> correctly in the first place since that is why we added the kernel
> patch?

FWIW, we do a final pass with restorecon/fixfiles at the end of creating
the files just so that we can ensure that any files that were created as
the result of a %post script or anything else which doesn't transition
correctly (... perhaps because the policy doesn't know it needs to) end
up with the right final label. This is pretty confined to just the
livecd-creator case, though.

Jeremy