High weirdness and questionable utility of restorecond

Daniel J Walsh dwalsh at redhat.com
Thu Sep 11 11:46:46 UTC 2014


Yes, recursively would be far too expensive an operation.

If you look at RHEL7, we introduce file_name_transitions, which allow us
to do a better job of labeling files/directories on
creation.

https://danwalsh.livejournal.com/46018.html

On 09/05/2014 03:09 PM, Jonathan Abbey wrote:
> On Fri, 05 Sep 2014 14:05:57 -0500, Jonathan Abbey wrote:
> | 
> | Given that this is happening with max_watches set far too low to
> | handle recursive directory watches under /home, I'm going to assume
> | that the restorecond code at selinuxproject actually does closely
> | reflect what RHEL 6 is shipping, and recursion just isn't supported
> | with restorecond.
>
> And after re-reading the comment on restorecond.conf at
>
> http://selinuxproject.org/page/GlobalConfigurationFiles
>
> I see that I misinterpreted the meaning of "~/*".  It says that it
> "expands to listen for all files created for all logged-in users
> within their home directories".  I took that to be recursively within
> their home directories, but apparently not.
>
>  Jon
