On Thu, 03 Jun 2004 12:42:35, Daniel J Walsh wrote:
No, Relabel will not work in a Non SELinux kernel.
But there are 2 items in The UnOfficial SELinux FAQ ( http://www.crypt.gen.nz/selinux/faq.html ):
I upgraded my SELinux kernel to a new version and now I get lots of errors on booting, what went wrong? Bad things happen if you upgrade your kernel to a newer version which has an incompatible policy with the previous version. You probably forgot to install the policy and/or relabel the filesystems before booting the new version. Boot your system from a non-SELinux kernel and go back and do these things.
If one of those messages is "login[1007]: UNABLE TO GET VALID SID FOR root" The SID table is mangled. Try logging in using a different method ( such as connecting over SSH ), otherwise you will need to recover by booting a non-SELinux kernel, then relabel the filesystem and reload the policy ( make reset and make load ).
Then, what do those mean? Do they mean that relabel can work in a non-SELinux kernel?
yours, Park Lee 2004-06-03
On Thu, 2004-06-03 at 13:11, Park Lee wrote:
Then, what do those mean? Do they mean that relabel can work in a non-SELinux kernel?
I suspect that his unofficial FAQ is referring to situations where you can no longer boot a SELinux kernel and need to perform emergency recovery. In such a case, you could boot a non-SELinux kernel that has the extended attribute handlers and relabel your filesystems to deal with most files, although there is still the potential for some unlabeled/mislabeled files as I mentioned due to file creation on that kernel.
Also, those particular answers in his FAQ may have been based on the older SELinux, before the move to using the Linux xattr support, where you could relabel on any vanilla kernel since the labels were stored in the persistent label mapping.
selinux@lists.fedoraproject.org
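A check for the leftover unlabeled files mentioned in the last reply, as an added example that is not part of the original thread: it walks one filesystem and lists every path that has no `security.selinux` extended attribute. The function names are hypothetical, and it assumes it is run on the recovery (non-SELinux) kernel with extended attribute handlers, so the attribute is read as stored on disk.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr in which SELinux stores a file's context


def read_label(path, getxattr=os.getxattr):
    """Return the context stored on path, or None when the file has no label."""
    try:
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: attribute absent; ENOTSUP: filesystem has no xattr handler.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\0").decode("ascii", "replace")


def find_unlabeled(root, getxattr=os.getxattr):
    """Walk root on one filesystem (like find -xdev); list paths with no label."""
    root_dev = os.lstat(root).st_dev
    missing = [] if read_label(root, getxattr) is not None else [root]
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into other mounted filesystems.
        dirnames[:] = sorted(d for d in dirnames
                             if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev)
        for name in dirnames + sorted(filenames):
            path = os.path.join(dirpath, name)
            if read_label(path, getxattr) is None:
                missing.append(path)
    return missing


if __name__ == "__main__":
    # Usage: python3 find_unlabeled.py /mountpoint   (defaults to "/")
    for path in find_unlabeled(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(path)
```

Paths reported after a relabel pass are the files created on the non-SELinux kernel since that pass and still need a label before the SELinux kernel is booted again.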