[CentOS] selinux policy remnant according to /bin/ls on CentOS 6.0 box

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Sep 20 20:35:04 UTC 2011


On 09/20/2011 12:48 PM, Jon Detert wrote:
> I installed CentOS 6.0 on 2 different x86_64 boxen.  Both originally had selinux installed and enabled.  I never touched selinux other than to remove as much of it as I could via rpm -e.  As far as I can tell, here are the remaining packages that have something to do with it:
>
> # rpm -qa | grep -iE 'sel|pol'
> checkpolicy-2.0.22-1.el6.x86_64
> libselinux-2.0.94-2.el6.x86_64
> libsepol-2.0.41-3.el6.x86_64
> polkit-0.96-2.el6_0.1.x86_64
> #
>
> Both boxen have those packages.
>
> However:
>
> 1) box1 still has files in /selinux whereas box2's /selinux is empty;
> 2) ls -l on box1 shows a '.' at the end of file/directory,
...

Each inode in the file system still has a security attribute attached.
You need to walk through the file system and remove them, one at a
time:

   #!/bin/sh
   # Usage: script [-v] FILE...
   #   -v   print each path the attribute is removed from
   if [ "$1" = -v ]; then
     verbose=y
     shift
   else
     verbose=n
   fi

   for F in "$@"; do
     # getfattr prints nothing on stdout when the attribute is absent
     if [ -n "$(getfattr --absolute-names -n security.selinux "$F" 2>/dev/null)" ]; then
       [ $verbose = y ] && echo "$F"
       setfattr -x security.selinux "$F"
     fi
   done

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
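As an added worked example (not code from the original post): the script above takes its paths as arguments, so covering a whole box still means feeding it from find. The function below does the walk itself, stays on ROOT's file system with -xdev (so it does not wander into /proc, /sys or network mounts), acts on symlinks themselves rather than their targets, and has a dry-run mode that only lists the inodes carrying the label. The function name and the optional ATTR argument are my own additions; ATTR exists so the walk can be exercised on a user.* attribute without privilege. Note that while SELinux is enabled the kernel refuses to remove security.selinux, so this only works on a box where it is already disabled.

```shell
#!/bin/sh
# Added example, not the script from the original post.
# Remove one extended attribute (security.selinux by default) from every
# inode under ROOT, staying on ROOT's file system and never following
# symlinks, so /proc, /sys and network mounts are left untouched.
#
# Usage: strip_selinux_xattr [-n] ROOT [ATTR]
#   -n    dry run: print the paths that carry ATTR, change nothing
#   ATTR  attribute to strip; defaults to security.selinux (the optional
#         argument is an addition so the walk can be tried on a user.*
#         attribute without privilege)
#
# Requires getfattr/setfattr from the attr package.
strip_selinux_xattr() {
    dry_run=n
    if [ "$1" = -n ]; then
        dry_run=y
        shift
    fi
    root=$1
    attr=${2:-security.selinux}

    # -xdev: do not cross mount points.  Each batch of paths that find
    # collects is handed to an inline shell, which checks and strips
    # the attribute one file at a time.
    find "$root" -xdev -exec sh -c '
        attr=$1; dry_run=$2; shift 2
        for f; do
            # getfattr prints nothing on stdout (and exits non-zero) when
            # the attribute is absent; -h inspects a symlink, not its target
            if [ -n "$(getfattr --absolute-names -h -n "$attr" "$f" 2>/dev/null)" ]; then
                if [ "$dry_run" = y ]; then
                    printf "%s\n" "$f"
                else
                    setfattr -h -x "$attr" "$f"
                fi
            fi
        done
    ' sh "$attr" "$dry_run" {} +
}

# When executed as a script: strip_selinux_xattr.sh [-n] ROOT [ATTR]
if [ $# -gt 0 ]; then
    strip_selinux_xattr "$@"
fi
```

Run it first as `sh strip_selinux_xattr.sh -n /` to see what would be touched, then without -n. Because -xdev stops at mount boundaries, repeat the run for each separately mounted file system (/boot, /home, ...). Once the attribute is gone from a file, the trailing '.' that ls -l shows for it disappears as well.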
