When I run #make relabel, /home gets labeled as default_t. However,
when I
run #/sbin/restorecon /home, /home gets labeled as home_root_t. This
confuses me, since according to the O'Reilly book both commands refer to
/src/policy/file_contexts/file_contexts. Where else might /sbin/restorecon
be getting its information from?
Not sure, but I thought make relabel skipped /home entirely.
Furthermore, I notice that /src/policy/file_contexts/file_contexts
does not
contain the string home_root_t. I suppose that home_root_t comes from the
homedir_template file during the Make process, but then why doesn't #make
relabel correctly label /home?
That sounds like a bug, but I'm not seeing the same thing on rawhide.
Then again, I run strict policy.
home_root_t goes into file_contexts.homedirs
(and that gets created from the template)
I also notice that my context/files/file_contexts file is stale.
Doing
#make relabel or #make reload doesn't update it.
I think that was fixed in rawhide.
Try make install?
Does this file ever get
referenced anyway, since all the relabeling utilities seem to use
/src/policy/file_contexts/file_contexts instead?
They do?
Nothing should be using that file, except
things involved in installing the policy sources.
If it does get used, who
uses it? And how can I be sure it gets updated to match
src/policy/file_contexts/file_contexts?
make load *should* be sufficient, but you
might be seeing a bug - try make install.
Any help in demystifying the file labeling procedure is appreciated!
Hopefully others on this list can help you more, but basically,
everything should be using contexts/files/file_contexts, and
the file_contexts.homedirs. Nothing should be using the src file -
that's strictly policy sources.