Bug 120126 - Anaconda should run setfiles on existing partitions
Anaconda should run setfiles on existing partitions
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Mike McLean
: FutureFeature
Depends On:
Blocks: 122683
  Show dependency treegraph
Reported: 2004-04-06 04:56 EDT by Need Real Name
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-22 15:16:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2004-04-06 04:56:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040312 Epiphany/1.1.12

Description of problem:
If selinux is selected in install, then setfiles
/etc/security/file_contexts <partition> should be run on partitions to
be retained eg: /home.

Otherwise wierd results can happen (not just permission denied errors)
Comment 1 Jeremy Katz 2004-04-06 14:36:57 EDT
I have somewhat serious reservations about doing this since if you
then go back to earlier releases without an updated kernel, your
system will not boot at all.

Dan, thoughts here?
Comment 2 Daniel Walsh 2004-04-06 14:42:45 EDT
I believe this is not a problem with the last fc1 kernels.  The
problem here is that this is a indefinite period of time, and we
really do not support upgrades.  So I would say no.  The user will
either need to relable or mount his /home using a context users can
write too.

Comment 3 Need Real Name 2004-04-06 15:12:29 EDT
I was not really talking about "upgrades" (never do them).
What I meant was a clean install while leaving home alone (I keep www
there as well as users accounts)

If the user selects selinux on install, hen shouldn't the install give
a usable system on first boot.
Comment 4 Bill Nottingham 2004-04-06 16:45:48 EDT
No matter what, this needs relnoted, whichever way we go.
Comment 5 Jeremy Katz 2004-05-07 00:10:18 EDT
With SELinux off by default, deferring this until FC3
Comment 6 Jeremy Katz 2004-09-22 15:16:24 EDT
Not going to do this, there are too many potential negative impacts
and it shouldn't matter much with targeted policy (the default in FC3)

Note You need to log in before you can comment on or make changes to this bug.