On Wed, 2009-10-07 at 15:34 +0200, Jim Meyering wrote:
> Stephen Smalley wrote:
>
> > On Wed, 2009-10-07 at 14:48 +0200, Jim Meyering wrote:
> >> Stephen Smalley wrote:
> >> ...
> >> > FWIW, there is a subtle difference here:
> >> > - chcon
On Wed, 2009-10-07 at 14:48 +0200, Jim Meyering wrote:
> Stephen Smalley wrote:
> ...
> > FWIW, there is a subtle difference here:
> > - chcon can in fact work on a SELinux-disabled kernel, as you can still
> > set the security.* extended attributes as long as the filesyst
On Tue, 2009-10-06 at 10:14 +0200, Jim Meyering wrote:
> Jim Meyering wrote:
> > Stephen Smalley wrote:
> > ...
> >> Must have previously booted an ancient kernel with SELinux permissive
> >> and no policy loaded. Kernel was fixed by the commit below in 2006.
I'd recommend that he run the following to clean up the droppings in his
filesystem:
find / \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 \) -exec setfattr -x security.selinux {} \;
commit 8aad38752e81d1d4de67e3d8e2524618ce7c9276
Author: Stephen Smalley
Date: Wed M
e.
>
> However, the underlying problem still needs to be dealt with:
> the outrageous expense of the matchpathcon function.
> Is anyone planning to address that?
There have been a number of small optimizations made over time, and we
keep looking for other ways to improve the situation. T
> /* If there's an error determining the context, or it has none,
>    return to allow default context */
> if ((matchpathcon (file, st.st_mode, &scontext) != 0) ||
This issue came up recently again, see:
https://bugzilla.redhat.com/show_bug.cgi?id=447410
It appears that the p