What symptoms do you see that require a relabel?
I keep up to date with patches so the kernel is updated fairly often.
I've never had to relabel in all of this time.
FWIW - Been running Fedora with selinux in enforcing mode since a version in the
late teens (don't remember exactly which one). I last installed from scratch
using rev 27. Been upgrading since then. I am about to upgrade to 35 from 33.
michael
On 2/4/22 06:57, justina colmena ~biz wrote:
Have you tried this?
# touch /.autorelabel && reboot
I've had to run this command every time a Fedora upgrade touches the kernel or
SELinux policy, and it's neither automatic nor documented as a necessary step.
Right now I am using CentOS 7 on OpenVZ in the cloud, otherwise very similar
to Fedora, but sadly SELinux is disabled on most if not all VM hosting
services, and the KVM (keyboard-video-mouse) virtualization offered by some
providers, which would potentially allow a customer to install and use any
Linux distribution with SELinux enabled, is rife with virtualization-related
Intel/AMD/x86 hardware and microcode bugs.
On February 3, 2022 4:35:07 AM AKST, Geert Janssens <geert@xxxxxxxxxxxx> wrote:
Hi,
I have a minimal Fedora 35 box that's configured as a mail server. It started
life as a Fedora 33 system and got upgraded to 35 yesterday in an attempt to
fix the following error I was getting.
I am trying to set an selinux boolean using the following command:
setsebool -P rsync_client 1
This returns the following output:
libsepol.context_from_record: type avahi_conf_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:avahi_conf_t:s0 to sid
invalid context system_u:object_r:avahi_conf_t:s0
Failed to commit changes to booleans: Success
Aside from the last line being very confusing the boolean seems to be set but
the setting won't persist across reboots. I suspect the error lines hint at
the problem but a search on the net didn't reveal what's going on.
As mentioned this was already happening while the system was still Fedora 33
(though the undefined type then was something with dns). I hoped it would get
fixed with an upgrade to Fedora 35, but it only changed the type that's
undefined.
What's going on here and how can I solve this ?
--------------------------------------------------------------------------------
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
---- ---- ----
Michael Reilly michaelr@xxxxxxxxx
Cisco Systems Arizona
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure