Gene Heskett wrote:
Except that 4 reboots later I have not succeeded in getting the relabel
to work. I've tried SELINUX=disabled and SELINUX=permissive in
/etc/selinux/config while leaving the SELINUXTYPE=targeted setting.
So what actually is the magic incantation that will make this work?
Your method was ignored, and the manpages method is also being ignored,
or is wrong. ISTR the touch /.autorelabel did work once, and the
/.autorelabel was auto-removed, but is not now. It still exists right now.
[root@diablo /]# ls -l /.autorelabel
-rw-r--r-- 1 root root 0 May 4 21:13 /.autorelabel
The most sure way for me to relabel the system was to boot with selinux
disabled and into runlevel 1. (Add selinux=0 1 to kernel stanza by
appending to grub boot line)
I then would run 'fixfiles relabel' and also get rid of the contents of
/tmp when prompted.
I would then reboot the system normally. A drawback is that the system
goes into another relabeling since selinux was disabled completely by
the above steps.
I have relabeled using touch /.autorelabel and also relabeled by
appending autorelabel to the grub stanza. For severe labeling problems,
the first choice seems to work best.
Another way to relabel is by changing the setting in
system-config-securitylevel. The system should relabel on reboot.
Jim
--
<tausq> Q. What's the difference between Batman and Bill Gates?
<tausq> A. When Batman fought the Penguin, he won.
