On Fri, Dec 07, 2012 at 08:22:10 -0500, John.Florian@xxxxxxxx wrote:
Thinking selinux might be preventing the relabel from happening (?!?) I rebooted with selinux=0 so that I could reconfig /etc/sysconfig/selinux having SELINUX=permissive, touched /.autorelabel and rebooted again. This time I saw the relabel process do its thing and trigger a reboot. I then went back to reconfig /etc/sysconfig/selinux having SELINUX=enforcing, rebooted and all seemed well, finally.
The autorelabel is supposed to happen early in the boot process and I think it is supposed to work even if you system normally comes up in enforcing mode. So that sounds like a bug.
(You can come up in permissive mode using the enforcing=0 kernel parameter. This is a bit more convenient in some cases for a one time boot, than changing the selinux configuration.)
This is generally the safeest way to relabel as you don't want processes that started with the wrong context creating more incorrectly labelled files while you are trying to fix things up (with say restorecon).
So, I'm all good now, but there may be some bugs in that "relabel should happen automatically" bit. -- John Florian
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
