changing files with selinux and policy targeted enabled

I'm not sure if this is a bug in SELinux, or if I'm simply doing something wrong (I don't have much experience with SELinux).

I install a very basic Fedora Core 3 system using a ks.cfg file. From the %post portion of ks.cfg, I replaced a couple of configuration files at the end of the install process (basically, they all got a new inode number). One of them is ntp.conf.

Now, every time I want to start ntpd, I'm getting errors from SELinux and ntpd is denied access to the ntp.conf file.

If I delete the ntp.conf file and create a new one while the system is running, everything seems to be working. Ntpd can read this "new" ntp.conf.

It looks as if SELinux remembers the inode of the file across reboots, and uses the inode (not the file name) to grant or deny access to files. So if the inode changes while SELinux is not running (for example during installation, or when booted in rescue mode from CD I guess), it will remember what the old inode number was and block the application's access to the file based on that (and if some other file is assigned the (now free) inode number of the old ntp.conf file, SELinux will allow the application to access it, although it shouldn't).

Is the above paragraph correct?  Is that the way SELinux works?

A couple of questions. How do I instruct the SELinux portion of Linux that some inodes have changed outside of its control, so it should update its internal databases? Am I to expect this every time I boot from CD in rescue mode and change something?

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
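
A label check for the situation described in the message, as an added example that is not part of the original post: SELinux keeps each file's security context in the file's `security.selinux` extended attribute, and `restorecon` resets a file's context to the policy default for its path. The function names and the sample contexts are constructed for illustration; `stat -c %C`, `matchpathcon` and `restorecon` are the standard tools, assumed to be installed on the target system.

```shell
#!/bin/sh
# Added example (not from the original post): compare a file's actual SELinux
# context with the policy default for its path and restore it on mismatch.

# Print the type field (third colon-separated field) of a context string,
# e.g. "system_u:object_r:etc_t" or "system_u:object_r:etc_t:s0" -> "etc_t".
# The targeted policy's allow rules are written against this field.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed (exit 0) when the actual type differs from the expected type.
needs_relabel() {
    [ "$(context_type "$1")" != "$(context_type "$2")" ]
}

# Check one path on a live SELinux system and relabel it if needed.
check_label() {
    path=$1
    actual=$(stat -c %C "$path") || return 2        # context stored on the file
    expected=$(matchpathcon -n "$path") || return 2 # context policy assigns to the path
    if needs_relabel "$actual" "$expected"; then
        echo "$path: has $actual, policy expects $expected"
        restorecon -v "$path"
    else
        echo "$path: label OK ($actual)"
    fi
}

# Constructed sample contexts, not taken from the poster's system.
SAMPLE_ACTUAL='system_u:object_r:file_t'
SAMPLE_EXPECTED='system_u:object_r:etc_t'
if needs_relabel "$SAMPLE_ACTUAL" "$SAMPLE_EXPECTED"; then
    echo "sample: type $(context_type "$SAMPLE_ACTUAL") would be relabeled"
fi

# Paths given on the command line are checked for real,
# e.g.: sh check_label.sh /etc/ntp.conf
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        check_label "$p"
    done
fi
```

Calling `restorecon` on the replaced files at the end of `%post` applies the same fix during installation, and `touch /.autorelabel` requests a relabel of the whole filesystem on the next boot.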
