-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 29, 2006 at 10:34:56PM -0700, Craig White wrote: > > Not likely. I mean, yes, it would be recomended, but I'm pretty good > > as changing things without needing to reboot, and I'm daring enough to > > do it :) After all, it is not like this is an important machine. It is > > just my company main internet server :) > ---- > It sort of occurs to me that breaking the security contexts of things > like /etc/passwd and /bin/bash (/bin/sh) suggests to me that a much > larger problem exists. Yeah, it existed. I played a lot with SELinux on this machine before going into production, and also with the policies. It was, after all, my first CentOS machine :) > fixfiles relabel is a time consuming process (perhaps not a big deal) > but can change things that were specifically labeled other than the > default setting, creating new issues. That is not a problem. The only context change I did intentionaly was documented, so I just did it again after the relabel. And it was kind of fast, come to think of it. About 5 minutes or so. > # rpm -q --whatprovides /etc/passwd > setup-2.5.44-1.1 > (my FC-4 system) > # fixfiles -R setup restore > > [root at lin-workstation activeldap]# rpm -q --whatprovides /bin/bash > bash-3.0-31 > (again my FC-4 system) > # fixfiles -R bash restore Tkx, but I had fixes those 2 manually some time ago, with chcon. But it was a cat and mouse game, since I was pretty sure there were other files with wrong contexts I was not aware of. After the relabel, all errors stopped (checking on dmesg), and everything I tried worked flawlessly. I'm a very happy kitten right now :) - -- Rodrigo Barbosa <rodrigob at suespammers.org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEK3XtpdyWzQ5b5ckRAixPAJ95UBidPuibj8k5xkt/xlJVMwd72wCgpl+b 9ARLbMzp4ur5BStk+TIa2QM= =PwKZ -----END PGP SIGNATURE-----