As we develop SELinux we are adding new labels to homedir content

Miloslav Trmač mitr at volny.cz
Thu May 31 20:06:56 UTC 2012


On Thu, May 31, 2012 at 9:44 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> A third option would be to run "restorecon -R -v $HOME" in the background in a
> profile script the first time you log in on a new OS version.  This would seem
> to be the least time consuming, but could be subject to race conditions: you
> hit the mislabeled file before the restorecon fixes it.  This would be better
> than what we have now, in that everyone can hit the mislabeled file directory.

It would also turn labeling problems into heisenbugs that are
impossible to reproduce or diagnose, supporting the impression that
"SELinux breaks systems" and "it is difficult to understand SELinux".

Would it be possible to keep restorecond running on the systems
updated from older releases, and have it disabled by default on fresh
installs?  (If I understand correctly, this already affects F17, so it
is too late...)
    Mirek

