F17 vs. Pentium 4

Michal Jaegermann michal at harddata.com
Mon Apr 9 23:46:17 UTC 2012


On Mon, Apr 09, 2012 at 04:22:38PM -0500, Michael Hennebry wrote:
> 
> My next trick should be to fix the need for enforcing=0.
> Should triggering an automatic relabeling do that?

One of reasons why it is needed.

> Why does SELinux need fixing?
> Do its rules reference sectors, absolute or relative?

No. SELinux looks at labels on files.  Your copy targets got labels
according to their locations on a system where you were doing a copy
(or do not have such labels at all if SELinux was not active at that
time).  Now you need labels relative to your new root before you can
operate with 'enforcing=1'.

In general if you are messing with files using anything else than
your intended target, or if you were running even for a short moment
with SELinux off, then to turn it on you have to fix labels.

> I'll definitely need to fix /boot .
> The best case scenario is that it gets really cluttered
> when I start updating kernels on multiple OSs.

With multiple installations on the same machine chainloading "private"
bootloaders is likely the cleanest option even if grub2 will raise a
hissy fit about putting it on a partition. Shrug!  An "old grub" still
can be used wherever possible.

  Michal


More information about the test mailing list