On 11/10/19 12:22 PM, sixpack13 wrote:
I have read more then once in the howto's regarding upgrade that one task is to do an relabeling.
I have never seen such recommendation. I'd rather defer to what Dan Walsh has written on the subject: Full relabelling of an SELinux machine should almost never be necessary, Unless you disable SELinux. And none of you would ever do that :^), permissive mode is a much better idea. Running restorecon recursively on a directory is a better and much quicker solution. But sometimes a machine could get so totally corrupted that you have to autorelabel. An admin going crazy with chcon? Every selinux-policy update package includes a limited relabel, although sometimes this is less limited then others. The package update fixes all labels that changed in the update. The selinux-policy package compares the file context file pre install and post install and attempts to relabel the greatest common denominator, if I remember my math terms correctly. Basically if the update package sees label changes in /usr/lib64 it will run a fixfiles /usr/lib64. And to his point, I have never done a relabel after an upgrade or update. The only time I've done a relabel is when I'd been working with non-fedora supplied SW and disabling selinux in order to get it to run at all. After doing that I was well aware of what what I had caused/done. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
