Bug 120126 - Anaconda should run setfiles on existing partitions
Summary: Anaconda should run setfiles on existing partitions
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Mike McLean
Whiteboard: FC3
Keywords: FutureFeature
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
Reported: 2004-04-06 08:56 UTC by Need Real Name
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-22 19:16:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2004-04-06 08:56:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040312 Epiphany/1.1.12

Description of problem:
If selinux is selected in install, then setfiles
/etc/security/file_contexts <partition> should be run on partitions to
be retained eg: /home.

Otherwise wierd results can happen (not just permission denied errors)

Comment 1 Jeremy Katz 2004-04-06 18:36:57 UTC
I have somewhat serious reservations about doing this since if you
then go back to earlier releases without an updated kernel, your
system will not boot at all.

Dan, thoughts here?

Comment 2 Daniel Walsh 2004-04-06 18:42:45 UTC
I believe this is not a problem with the last fc1 kernels.  The
problem here is that this is a indefinite period of time, and we
really do not support upgrades.  So I would say no.  The user will
either need to relable or mount his /home using a context users can
write too.


Comment 3 Need Real Name 2004-04-06 19:12:29 UTC
I was not really talking about "upgrades" (never do them).
What I meant was a clean install while leaving home alone (I keep www
there as well as users accounts)

If the user selects selinux on install, hen shouldn't the install give
a usable system on first boot.

Comment 4 Bill Nottingham 2004-04-06 20:45:48 UTC
No matter what, this needs relnoted, whichever way we go.

Comment 5 Jeremy Katz 2004-05-07 04:10:18 UTC
With SELinux off by default, deferring this until FC3

Comment 6 Jeremy Katz 2004-09-22 19:16:24 UTC
Not going to do this, there are too many potential negative impacts
and it shouldn't matter much with targeted policy (the default in FC3)

Note You need to log in before you can comment on or make changes to this bug.