Toralf Lund wrote:
Paul Howarth wrote:So /sbin/kmodule (which didn't work) would be an SELinux-protected app, and ls, cat etc. unprotected?If you have ever booted with SELinux disabled (or share a Linux partition with a different distro that doesn't use SELinux), you will have unlabelled files on your system. Accesses to these files from SELinux-protected apps won't work properly.
Sounds possible. Whether commands are protected or not sometimes depends on the contexts they are run from. For instance, if httpd is started from the initscript, it's protected, but if you start it yourself from the command line, it isn't.
Maybe the problem is that the upgrade I did also enabled SELinux? Seems to me that if it did, it also ought to ensure it installed files with the right labels, though...
It *will* install files with correct labels, but if you're doing an upgrade then you will already have lots of unlabelled files. I do think that the installer should advise a relabel if you're upgrading a systen that wasn't previously using SELinux to be an SELinux-enabled one though.
Paul.
