-----BEGIN PGP SIGNED MESSAGE-----
On 07/31/2012 07:34 AM, Vadym Chepkov wrote:
Once n a while I find mislabeled files on the file system. Since I never
touched them, I assume it is due to the policy change. What is the best
practice, shall I relabel the system every time selinux-policy-targeted is
# restorecon -vR /usr/ restorecon reset /usr/libexec/sesh context
# restorecon -vR /var restorecon reset /var/lib/rsyslog context
-- selinux mailing list selinux(a)lists.fedoraproject.org
You could do that, but I am not sure this is caused by selinux-policy updates.
selinux-policy updated attempts to fix labels after an update on any file
context that changed between the previous policy and the new policy.
Files getting mislabeled is usually either Human Error, or a bug in an
application like an init script that recreates a file or directory but does
not run restorecon itself. Human mistakes could be caused by running an
application directly rather then from an init script. For example if you ran
syslogd directly it would run as unconfined_t and when it could have created
/var/lib/rsyslog with the wrong label.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----