ons, 27.04.2005 kl. 07.17 skrev Ivan Gyurdiev: > > -rw-r--r-- smearp smearp user_u:object_r:user_home_t flashplayer.xpt > > -rwxr-xr-x smearp smearp user_u:object_r:texrel_shlib_t > > This is correct, but it's not done automatically, because /home is > entirely skipped when changing the contexts after a policy upgrade. > > Personally, I think this is a major problem, but Daniel Walsh points out > that (1) automatic restorecon on /home presents a security risk of > mislabeled files ( like gpg keys and such in the wrong place), and (2) > automatic restorecon on /home might take a very long time. > > I think if we are to introduce more fine-grained labeling of "$HOME" in > the future (which we should), this problem needs to be solved somehow. What happens if /home is on NFS?