"setenforce 0" just sets a boolean, AFAIK. It depends on policy whether or not that does or should drop all SELinux enforcement mechanisms at runtime, but only the boot-time relabel is _guaranteed_ to restore _all_ system and user files to the "correct" security context according to the prescribed policy.
On February 5, 2022 12:34:30 AM AKST, Geert Janssens <geert@xxxxxxxxxxxx> wrote:
Op vrijdag 4 februari 2022 14:57:10 CET schreef justina colmena ~biz:Have you tried this?
# touch /.autorelabel && reboot
I didn't exactly run that command but I remember running "restorecon -Rv /"
which I believe should have the same effect. That didn't fix my issue and it
possibly even printed errors on the console as well. With the help of Vit
Mojzis I managed to fix the issue. The problem turned out to be a broken
custom policy. I don't know what broke it but the system works properly now.
So I can't go back to reproduce any details other than those I reported in a
previous reply.
Regards,
Geert
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure