-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, Mar 29, 2006 at 10:34:56PM -0700, Craig White wrote:
Not likely. I mean, yes, it would be recomended, but I'm pretty good as changing things without needing to reboot, and I'm daring enough to do it :) After all, it is not like this is an important machine. It is just my company main internet server :)
It sort of occurs to me that breaking the security contexts of things like /etc/passwd and /bin/bash (/bin/sh) suggests to me that a much larger problem exists.
Yeah, it existed. I played a lot with SELinux on this machine before going into production, and also with the policies. It was, after all, my first CentOS machine :)
fixfiles relabel is a time consuming process (perhaps not a big deal) but can change things that were specifically labeled other than the default setting, creating new issues.
That is not a problem. The only context change I did intentionaly was documented, so I just did it again after the relabel.
And it was kind of fast, come to think of it. About 5 minutes or so.
# rpm -q --whatprovides /etc/passwd setup-2.5.44-1.1 (my FC-4 system) # fixfiles -R setup restore
[root@lin-workstation activeldap]# rpm -q --whatprovides /bin/bash bash-3.0-31 (again my FC-4 system) # fixfiles -R bash restore
Tkx, but I had fixes those 2 manually some time ago, with chcon. But it was a cat and mouse game, since I was pretty sure there were other files with wrong contexts I was not aware of.
After the relabel, all errors stopped (checking on dmesg), and everything I tried worked flawlessly.
I'm a very happy kitten right now :)
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)