SELinux and Shorewall with IPSets
Mr Dash Four
mr.dash.four at googlemail.com
Sun Jun 27 20:16:20 UTC 2010
>> Is that a necessary thing to do after installing a new module? My
>> understanding is that relabelling only corrects the SELinux file
>> attributes on every file on the system, so why would I need to do the
>> relabelling when I have just installed a new policy?
>>
>> Also, if my assumption is correct then why would I need to have a
>> running SELinux to do that? It is a great inconvenience and a real pain
>> for scenarios I described in my previous posts!
>>
>
> Good points. i think you might indeed be able to run restorecon or
> fixfiles/setfiles in %post, but i am not sure.
>
> I would suggest you try it.
>
I definitely will, though I am encouraged that I may not need to do the
relabelling after all as I have just ran freshly built image with
SELinux=Enforced and without shorewall/ipset installed (so that they
don't create unnecessary problems) through qemu and it ran happily - no
problems. Will see how it goes in practice, fingers crossed.
> Otherwise wait a day when the professionals can reply to your query.
>
Haha! No worries, I am glad there are still people left in the community
willing to give you a hand when needed (besides, there is no guarantee
that these 'professionals' as you put it would be able to help out -
I've ran across all sorts in my career).
More information about the selinux
mailing list