F17-Selinux troubles after upgrading
Daniel J Walsh
dwalsh at redhat.com
Thu May 3 13:04:41 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/02/2012 06:44 PM, Adam Williamson wrote:
> On Wed, 2012-05-02 at 16:24 -0400, Daniel J Walsh wrote:
>> On 05/02/2012 04:22 PM, Adam Williamson wrote:
>>> On Sat, 2012-04-28 at 20:30 +0100, Frank Murphy wrote:
>>>> On 28/04/12 20:26, antonio wrote:
>>>>> I upgraded from F-16 to F-17 Beta, then upgraded to find that I
>>>>> couldn't delete my own files!!! after disabling Selinux and
>>>>> enabling it again (i.e. relabeling) everything is o.k.Anybody
>>>>> experiencing it??
>>>>
>>>> No, but it's good practice to do a relabel after an update. As
>>>> policies most likely have changed, even if subtly.
>>>>
>>>> I'm surprised a full relabel wasn't done automatically.
>>>
>>> Antonio doesn't really provide much detail on how exactly he upgraded.
>>> I think anaconda-based upgrades do a relabel automatically, but
>>> obviously upgrading via yum won't necessarily do so.
>>
>> We have not done a full relabel on upgrade,since it could take
>> potentially a very long time. We could just drop the /.autorelabel file
>> in preupgrade which would trigger the relabel. I have not heard of other
>> people having SELinux labeling issues on upgrade, I wish we had the
>> audit.log to see what the problem was.
>
> Well, I didn't say 'full relabel' =) But indeed I was vague. IIRC, anaconda
> relabels some specific directories.
Yes it fixes up any files/directories that are created by anaconda before
SELinux policy is loaded.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+igmkACgkQrlYvE4MpobN/lgCgg3ftRS83sLTazhaRQfF5fhru
0jwAn3qcGAu8n1QE+vrI0ZyT6Pez3CMi
=xlf7
-----END PGP SIGNATURE-----
More information about the test
mailing list