Re: when and how the selinux label all file system according to "file_contexts"?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2008/12/27 Daniel J Walsh <dwalsh@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin P. Mattock wrote:
Thanks, i have found it: in the /etc/init.d/selinux(ubuntu 8.04) such as:
   .....
    log_warning_msg "Relabeling could take a very long time, depending"
  log_warning_msg "on file system size and speed of hard drives."
  /bin/sed -i -f $statusfile /etc/selinux/config
  log_action_begin_msg "Relabeling files"
  ${SETFILES} /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts ${FILESYSTEMS}
  ....
  It invoke "setfiles" to label all file system. 
> xing li wrote:
>> I have confused by the question:
>> when and how the selinux label all file system according to
>> "file_contexts"?
>> and i found the clue that when we "touch /.autorelabel",the system
>> would invoke
>> "fixfiles relabel" to relabel the file system. but i could't find the
>> relevant source code.
>> Maybt somebody has investigated that and could share infomation?
> From what I remember,
> .autorelabel is called by a daemon,
> (selinux-basic package); but am unclear with
> what the name might be with the different distros.
> I normally make policy; make install; make relabel;
> that is if anybody uses the commands "make"
> anymore.
>
> regards;
>
> Justin P. Mattock
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
> with
> the words "unsubscribe selinux" without quotes as the message.
/etc/rc.sysinit includes a line that looks for /.autorelabel and then
executes /sbin/fixfiles restore.

# grep autorelabel /etc/rc.sysinit
       rm -f  /.autorelabel
       rm -f  /.autorelabel
   if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
   if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
       [ -f /.autorelabel ] || touch /.autorelabel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklWFYQACgkQrlYvE4MpobM97QCg2mpa8DBMHXbFlJilQUbt/O0F
6oUAn1aU0QcICcEiZ+B7ImIvF6VFP9nI
=h8ji
-----END PGP SIGNATURE-----

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux