On 09/20/2011 12:48 PM, Jon Detert wrote: > I installed CentOS 6.0 on 2 different x86_64 boxen. Both originally had selinux installed and enabled. I never touched selinux other than to remove as much of it as I could via rpm -e. As far as I can tell, here are the remaining packages that have something to do with it: > > # rpm -qa | grep -iE 'sel|pol' > checkpolicy-2.0.22-1.el6.x86_64 > libselinux-2.0.94-2.el6.x86_64 > libsepol-2.0.41-3.el6.x86_64 > polkit-0.96-2.el6_0.1.x86_64 > # > > Both boxen have those packages. > > However: > > 1) box1 still has files in /selinux whereas box2's /selinux is empty; > 2) ls -l on box1 shows a '.' at the end of file/directory, ... Each inode in the file system still has a security attribute attached. You need to walk through the file system and remove them, one at a time: #!/bin/sh if [ "$1" = -v ]; then verbose=y shift else verbose=n fi for F in "$@";do if [ -n "$(getfattr --absolute-names -n security.selinux "$F" 2>/dev/null)" ]; then [ $verbose = y ] && echo "$F" setfattr -x security.selinux "$F" fi done -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.