On 6/6/23 23:13, Henry Zhang wrote:
> Zdenek,
> fixfiles is used for relabeling.
> Relabel hints the system was labeled before.
> But when is the system labeled initially?

After selinux-policy-targeted (or minimum/mls) is installed. These
packages contain distribution policy modules (including file context
definitions).

> In which cases
> 1. should semodule be called?

"semodule" is for managing policy modules (install, remove, list,
enable, disable), so for example when you want to add a custom policy
module, or list which modules are present in your system.

> 2. should fixfiles be executed?

After a policy change (new policy module is installed/removed, or new
file context definition is added using "semanage fcontext"), or after
mounting a new filesystem.
Note that relabeling can be done using "fixfiles", "setfiles", or
"restorecon", all of which use the same underlying code (each is just
aimed at a different use case).

Hope this helps.
Vit

> Thanks.
> ----henry
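
The relabel-after-policy-change step described in the reply, as an added example that is not part of the original e-mail: it parses a "restorecon -n -v" dry run to list files whose label no longer matches policy, and relabels only when something is pending. The directory /srv/web, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Constructed sample of `restorecon -R -n -v /srv/web` output.
SAMPLE_DRY_RUN='Would relabel /srv/web from unconfined_u:object_r:var_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Would relabel /srv/web/index.html from unconfined_u:object_r:var_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Would relabel /srv/web/upload from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_rw_content_t:s0'

# pending_relabels: read dry-run output on stdin and print, per file,
# "<path>\t<current type>\t<type expected by policy>".
# The path is cut out by prefix/suffix so paths with spaces survive.
pending_relabels() {
    awk '/^Would relabel / {
        path = $0
        sub(/^Would relabel /, "", path)
        sub(/ from [^ ]+ to [^ ]+$/, "", path)
        split($(NF-2), cur, ":"); split($NF, want, ":")
        printf "%s\t%s\t%s\n", path, cur[3], want[3]
    }'
}

# count_pending: number of files a real relabel would change.
count_pending() { pending_relabels | wc -l | tr -d ' '; }

# relabel_tree DIR: dry-run first, relabel only if labels differ.
relabel_tree() {
    dir=$1
    dry=$(restorecon -R -n -v "$dir") || return 1
    n=$(printf '%s\n' "$dry" | count_pending)
    if [ "$n" -eq 0 ]; then
        echo "$dir: labels already match policy"
        return 0
    fi
    printf '%s\n' "$dry" | pending_relabels
    restorecon -R -v "$dir"
}

# Typical use on an SELinux host, as root (not executed here):
#   semanage fcontext -a -t httpd_sys_content_t '/srv/web(/.*)?'
#   relabel_tree /srv/web
```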
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue