restorecon doesn't rely on having policy sources
(selinux-policy-targeted-sources) installed. It uses the installed
file_contexts configuration created by the policy
(selinux-policy-targeted) package. That lives
under /etc/selinux/targeted/contexts/files.
Aha, I think the O'Reilly book is just out of date. Not surprising
considering the moving target that is SELinux.
SELinux utilities don't rely on having the policy sources
available,
as you likely don't want them on production systems. make relabel is
really only for developers, and hardly used at all anymore (it
predates having fixfiles and restorecon).
Actually I am developing here. My problem is that I have a huge chroot
directory (basically a full duplicate of the whole system) and I want to get
everything in there labeled as if it was outside chroot. To do this I
duplicated file_contexts/types.fc and used sed to prepend the chroot
directory to every line. It seems to work pretty well, but I'm still having
trouble getting the user home directories inside chroot labeled properly.
The homedirs macros and files are apparently throwing me.
I'd appreciate any suggestions on a better way to label the chroot
filesystem. And any ideas on how to get those chrooted homedirs labeled
correctly.
Stephen Brueckner, ATC-NY
