Dear sir,
Now, I know the reason to run 'fixfiles relabel' in single-user mode.
Let's look at the 3 steps again:
1. Modified /etc/sysconfig/selinux to have 'SELINUX=permissive' 2. Rebooted single-user and ran 'fixfiles relabel' 3. Rebooted multi-user
Can I take the steps in the order as the following:
1. Rebooted single-user and ran 'fixfiles relabel' 2. Rebooted multi-user 3. Modified /etc/sysconfig/selinux to have 'SELINUX=permissive' 4. Rebooted multi-user
That is ,can we first 'fixfiles relabel' in a non-SELinux kernel. and then turn into the SELinux kernel ? Is it safe?
Respectfully yours,
Park Lee
2004-06-03
--------------------------------- Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger
Park Lee wrote:
Dear sir,
Now, I know the reason to run 'fixfiles relabel' in single-user mode.
Let's look at the 3 steps again:
- Modified /etc/sysconfig/selinux to have 'SELINUX=permissive'
- Rebooted single-user and ran 'fixfiles relabel'
- Rebooted multi-user
Can I take the steps in the order as the following:
- Rebooted single-user and ran 'fixfiles relabel'
- Rebooted multi-user
- Modified /etc/sysconfig/selinux to have 'SELINUX=permissive'
- Rebooted multi-user
That is ,can we first 'fixfiles relabel' in a non-SELinux kernel. and then turn into the SELinux kernel ? Is it safe?
No, Relabel will not work in a Non SELinux kernel.
Respectfully yours,
Park Lee
2004-06-03
Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger http://messenger.yahoo.com/
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, 2004-06-03 at 12:29, Park Lee wrote:
That is ,can we first 'fixfiles relabel' in a non-SELinux kernel. and then turn into the SELinux kernel ? Is it safe?
If the kernel has the requisite extended attribute handlers, then you can set the SELinux attributes using that kernel, even if SELinux itself is disabled. However, you may still end up with some files that lack labels, e.g. if any files are created while the relabel is running (after their directories have already been traversed) or after the relabel has completed before the system reboots (including any files created during shutdown). Hence, it is preferable to be running SELinux.
selinux@lists.fedoraproject.org