On 7/24/20 3:26 PM, Stephen Smalley wrote: <snip> > > Second, if your policy is changing these rules and the superblock has > already been initialized, then the only way to get your new rule > applied is if you can cause the old superblock to go away, e.g. > unmount. And that won't work while it is in use. So rebooting if > your only option if you cannot do that. Rebooting with SELinux > disabled and then running setfiles will be the safest when performing > a complete policy changeover since you will then have no interference > by the old policy. > Thanks, I think this is the answer I was looking for. It is not entirely elegant to say the least but I guess it will have to do.
