On Wed, 2017-01-11 at 12:41 +0000, Alan Jenkins wrote: > fixfiles links to restorecon. However if you start with restorecon > "restore file(s) default SELinux security contexts", you can easily > miss the fixfiles script. fixfiles is more generally useful than > `restorecon -R`. For example `restorecon -R /` is not as good as > `fixfiles restore`, because the restorecon command will try to > relabel > `/sys` and fail noisily. Thanks, applied both patches. Wondering though about the behavior you describe above; restorecon -R /sys only issues one error message for me and otherwise works fine, # restorecon -R /sys Could not set context for /sys/fs/cgroup: Read-only file system > > Signed-off-by: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx> > --- > policycoreutils/setfiles/restorecon.8 | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policycoreutils/setfiles/restorecon.8 > b/policycoreutils/setfiles/restorecon.8 > index b00bf4e..bd27113 100644 > --- a/policycoreutils/setfiles/restorecon.8 > +++ b/policycoreutils/setfiles/restorecon.8 > @@ -214,6 +214,7 @@ The program was written by Dan Walsh <dwalsh@redh > at.com>. > > .SH "SEE ALSO" > .BR setfiles (8), > +.BR fixfiles (8), > .BR load_policy (8), > .BR checkpolicy (8), > .BR customizable_types (5) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
