As we develop SELinux we are adding new labels to homedir content
Miroslav Suchy
msuchy at redhat.com
Thu May 31 20:02:26 UTC 2012
On 31.5.2012 21:44, Daniel J Walsh wrote:
> A third option would be to run "restorecon -R -v $HOME" in background in a
> profile script the first time you log in on a new OS Version. This would seem
> to be the least time consuming, but could be subject to race conditions, you
> hit the mislabeled file before the restorecon fixes it. This would be better
> than what we have now, in that everyone can hit the mislabeled file directory.

I mostly prefer latency on my workstation/latency and waiting for
relabel is a PITA. I would rather risk a reboot if I ever hit that race
condition (chance is 0.0001%?).

But on a (production) server I would not mind waiting for relabeling.

I would propose to relabel in the background by default (honestly my mother
does not care about SELinux) and if the user knows and cares - as sysadmin of
a server - he will flip some option in /etc/selinux/config just before
reboot and relabeling will be done in the foreground as is done today with
/.autorelabel

Mirek
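
The two ideas in this thread (restorecon from a profile script on the first login after an OS upgrade, in the background by default with an opt-in to wait) sketched as a login script; this is an added example, not code from either poster or from Fedora. The `HOMEDIR_RELABEL` key and the stamp file name are hypothetical (no such option exists in /etc/selinux/config), reading the version from /etc/os-release is an assumption, and "foreground" here means the login waits rather than the boot-time relabel done by /.autorelabel.

```shell
# Added example for /etc/profile.d; HOMEDIR_RELABEL and the stamp file
# are hypothetical names, not existing SELinux settings.

# Print VERSION_ID from an os-release style file (default /etc/os-release).
os_version() {
    sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' \
        "${1:-/etc/os-release}" | head -n 1
}

# Decide what to do at login; prints none, background or foreground.
#   $1 stamp file   $2 os-release file   $3 SELinux config file
# Subshell body keeps the variables out of the login shell.
relabel_mode() (
    ver=$(os_version "$2")
    # Stamp matches the running OS version: $HOME was already relabeled.
    if [ -f "$1" ] && [ "$(cat "$1")" = "$ver" ]; then
        echo none
    elif grep -q '^HOMEDIR_RELABEL=foreground$' "$3" 2>/dev/null; then
        echo foreground    # admin opted in to waiting for the relabel
    else
        echo background    # default: no login delay
    fi
)

relabel_home_on_upgrade() (
    stamp="$HOME/.selinux-relabel-version"
    mode=$(relabel_mode "$stamp" /etc/os-release /etc/selinux/config)
    [ "$mode" = none ] && return 0
    ver=$(os_version /etc/os-release)
    # The stamp is written only after restorecon succeeds, so a failed
    # or interrupted run is retried at the next login.
    case $mode in
        foreground)
            restorecon -R "$HOME" && echo "$ver" > "$stamp" ;;
        background)
            # Race window: a mislabeled file can still be hit until
            # this job reaches it.
            ( restorecon -R "$HOME" && echo "$ver" > "$stamp" ) \
                >/dev/null 2>&1 & ;;
    esac
)

# Only act on hosts where SELinux is present and enabled.
if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    relabel_home_on_upgrade
fi
```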