Re: can not boot with strict policy

On Mon, 23 Apr 2007, Stephen Smalley wrote:

> /lib/libsepol.so.1 should be labeled with shlib_t, not lib_t. Under
> targeted policy, they are aliases for one another. Under strict, they
> are separate types.
>
> Boot with "enforcing=0 single" to come up permissive into single-user
> mode, then run /sbin/fixfiles relabel -F to forcible relabel everything,
> then reboot.

I wonder if we could automate this, so that the autorelabel is also run on boot if you switch between different types of policy. -- James Morris <jmorris@namei.org> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

• This message: [ Message body ]
• Next message: Stephen Smalley: "Re: can not boot with strict policy"
• Previous message: James Antill: "Re: [POLICYREP PATCH] Add generic iterators and a list data type to libsepol"
• In reply to: Stephen Smalley: "Re: can not boot with strict policy"
• Next in thread: Stephen Smalley: "Re: can not boot with strict policy"
• Reply: Stephen Smalley: "Re: can not boot with strict policy"
• Reply: Russell Coker: "Re: can not boot with strict policy"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]