I'm running with selinux=0 and would like to delete the no longer updated security contexts from my file systems. Is there a way to do that short of mke2fs + restore from backup?
-- Bob Nichols Yes, "NOSPAM" is really part of my email address.
On Fri, 2005-06-24 at 09:42 -0500, Robert Nichols wrote:
I'm running with selinux=0 and would like to delete the no longer updated security contexts from my file systems. Is there a way to do that short of mke2fs + restore from backup?
find / -exec setfattr -x security.selinux {} ;
You might want to further qualify the find statement to avoid noise on filesystems that don't support security contexts, e.g. find / ( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs ) -exec setfattr -x security.selinux {} ;
Stephen Smalley wrote:
On Fri, 2005-06-24 at 09:42 -0500, Robert Nichols wrote:
I'm running with selinux=0 and would like to delete the no longer updated security contexts from my file systems. Is there a way to do that short of mke2fs + restore from backup?
find / -exec setfattr -x security.selinux {} ;
You might want to further qualify the find statement to avoid noise on filesystems that don't support security contexts, e.g. find / ( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs ) -exec setfattr -x security.selinux {} ;
Thanks. It seems I need to have SELinux enabled temporarily in order to do that, which is why I wasn't having any luck trying to find the way myself.
I'll reconsider SELinux when there are some reasonably friendly tools for constructing local policy. About the only place SELinux would benefit me (desktop system providing no externally accessible services) would be to restrict my web browser, and with somewhat nonstandard partitioning (e.g., "mount -o bind /var/home /home") and several widely scattered directories where I like to store stuff, no standardized policy is likely to work for me.
selinux@lists.fedoraproject.org