As we develop SELinux we are adding new labels to homedir content
Bill Nottingham
notting at redhat.com
Fri Jun 1 20:12:00 UTC 2012
Lennart Poettering (mzerqung at 0pointer.de) said:
> > Another option would be to just relabel /home (# restorecon -R -v /home) at
> > upgrade time. But this would also be time consuming. And would not catch the
> > cases where the homedir is not in /home.
>
> I am strongly for this option. Allowing the user to login while the
> relabel is still in progress (like it would with restorecond, right?)
> sounds like a really bad idea... I mean, incorrect labels when used just
> lead to more incorrect labels, no? And incorrect labels also result in
> access errors? Both sound like something to avoid...
I agree here as well. Given that even in our crazy Fedora world, we're only
doing upgrades at most every 6 months, an extra minute or 3 in the upgrade
process is just noise, it's not a dealbreaker.
Bill
More information about the devel
mailing list