beware SELinux not interoperable in multiboot

John Reiser jreiser at BitWagon.com
Sat Dec 3 16:38:59 UTC 2005


> I'm going to take the plunge next year and get a 64 bit mobo and
> processor :-)

> Which means as long as I back up fstab and disconnect the other HDs, I
> should be okay just to format /dev/hda. Can someone confirm this and are
> there any gotchas I need to be aware of?

Beware that SELinux is not interoperable between versions, in general.
This means that multibooting different systems on the same box, and/or
cross-mounting filesystems on different kernels, is prone to problems.
The disagreement over the policy and labeling will force you to relabel
all filesystems often.  It's a pain, and it can take quite a bit of effort
to be sure that everything gets switched back and forth correctly.

SELinux has a ways to go in usability for "hobbyist" administrators.
For one thing, there should be an "epoch" associated with each significant
revamp of policy (fixing "normal" bugs does not change the epoch, but
introducing a new boolean or class does, etc.), and relabeling
across epochs should have additional safeguards.
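
Added example, not part of the message above: a Python check that lists which labels on a cross-mounted filesystem the running policy cannot interpret, to estimate how much a relabel would touch. The paths, the `newapp_exec_t` type and the sample policy type set are constructed; how the labels and the type list are collected is left to the reader, and only the type field is compared.

```python
from collections import Counter

def parse_type(context):
    """Return the type field of an SELinux context 'user:role:type[:level]'."""
    fields = context.rstrip("\x00").split(":")
    if len(fields) < 3 or not all(fields[:3]):
        raise ValueError(f"malformed context: {context!r}")
    return fields[2]

def stale_labels(labels, policy_types):
    """Map each path to the reason its label is unusable under this policy.

    labels: iterable of (path, context or None) taken from the other system's
    filesystem; policy_types: set of type names defined by the running policy.
    """
    problems = {}
    for path, context in labels:
        if context is None:
            problems[path] = "no label stored"
            continue
        try:
            ftype = parse_type(context)
        except ValueError:
            problems[path] = "malformed context"
            continue
        if ftype not in policy_types:
            problems[path] = f"type {ftype} not in this policy"
    return problems

def summarize(problems):
    """Count affected paths per reason, most common first."""
    return Counter(problems.values()).most_common()

# Constructed sample: labels written by a second OS on the same box,
# checked against a (deliberately tiny) type set for the booted OS.
SAMPLE_TYPES = {"etc_t", "bin_t", "user_home_t"}
SAMPLE_LABELS = [
    ("/mnt/other/etc/fstab", "system_u:object_r:etc_t"),
    ("/mnt/other/usr/bin/foo", "system_u:object_r:newapp_exec_t:s0"),
    ("/mnt/other/usr/bin/bar", "system_u:object_r:newapp_exec_t:s0"),
    ("/mnt/other/home/a/.profile", None),
    ("/mnt/other/tmp/x", "garbage"),
]

if __name__ == "__main__":
    found = stale_labels(SAMPLE_LABELS, SAMPLE_TYPES)
    for reason, count in summarize(found):
        print(f"{count:3d}  {reason}")
```

A clean result does not prove the two policies agree: a type name present in both can still carry different rules in each.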

