Yes recursively would be far too expensive of an operation. If you look at RHEL7, we introduce file_name_transitions, which allow us to do a better job of labeling files/directories on creation.

https://danwalsh.livejournal.com/46018.html

On 09/05/2014 03:09 PM, Jonathan Abbey wrote:
On Fri, 05 Sep 2014 14:05:57 -0500, Jonathan Abbey wrote:
|
| Given that this is happening with max_watches set far too low to
| handle recursive directory watches under /home, I'm going to assume
| that the restorecond code at selinuxproject actually does closely
| reflect what RHEL 6 is shipping, and recursion just isn't supported
| with restorecond.

And after re-reading the comment on restored.conf at

http://selinuxproject.org/page/GlobalConfigurationFiles

I see that I misinterpreted the meaning of "~/*". It says that it "expands to listen for all files created for all logged-in users within their home directories". I took that to be recursively within their home directories, but apparently not.

Jon