Deleting file contexts
Robert Nichols
rnicholsNOSPAM at comcast.net
Mon Jun 27 16:01:58 UTC 2005
Stephen Smalley wrote:
> On Fri, 2005-06-24 at 09:42 -0500, Robert Nichols wrote:
>
>>I'm running with selinux=0 and would like to delete the no longer
>>updated security contexts from my file systems. Is there a way to
>>do that short of mke2fs + restore from backup?
>
>
> find / -exec setfattr -x security.selinux {} \;
>
> You might want to further qualify the find statement to avoid noise on
> filesystems that don't support security contexts, e.g.
> find / \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \)
> -exec setfattr -x security.selinux {} \;
Thanks. It seems I need to have SELinux enabled temporarily in order
to do that, which is why I wasn't having any luck trying to find the
way myself.
I'll reconsider SELinux when there are some reasonably friendly
tools for constructing local policy. About the only place SELinux
would benefit me (desktop system providing no externally accessible
services) would be to restrict my web browser, and with somewhat
nonstandard partitioning (e.g., "mount -o bind /var/home /home")
and several widely scattered directories where I like to store
stuff, no standardized policy is likely to work for me.
--
Bob Nichols Yes, "NOSPAM" is really part of my email address.
More information about the selinux
mailing list