Enabling SELinux (was Re: How to make SELinux in Fedora work?)
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jun 3 19:12:23 UTC 2004
On Thu, 2004-06-03 at 13:11, Park Lee wrote:
> Then, what are those means?
> Does they mean that relabel can work in a non-SELinux kernel?
I suspect that his unofficial FAQ is referring to situations where you
can no longer boot a SELinux kernel and need to perform emergency
recovery. In such a case, you could boot a non-SELinux kernel that has
the extended attribute handlers and relabel your filesystems to deal
with most files, although there is still the potential for some
unlabeled/mislabeled files as I mentioned due to file creation on that
kernel.
Also, those particular answers in his FAQ may have been based on the
older SELinux, before the move to using the Linux xattr support, where
you could relabel on any vanilla kernel since the labels were stored in
the persistent label mapping.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list