selinux/policycoreutils/restorecond/restorecond.conf
Joshua Brindle 64d7ef5d44 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add glob support for restorecond
Date: Mon, 08 Sep 2008 15:03:51 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have added supported for GLOB expressions in restorecond.  In order to
get nsplugin to work well, you need all of the contents of the homedir
labeled correctly.  Unfortunately gnome creates directories at a fairly
random pace.  FCFS.  So it is very difficult to get transitions to
happen properly.  As a tradeoff, we can use restorecond to watch the
homedir and relabel the directory when it is created.  I know this is a
potential race condition. where some of the files created in the
directory will still have the wrong context, but I don't know of a
better solution.

Telling everyone they need to restorcon -R -v ~ is not a great solution.
 If you are worried about information flow you should never rely on
restorecond.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/
lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK
=JiG7
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 18:51:09 -04:00

9 lines
133 B
Plaintext

/etc/services
/etc/resolv.conf
/etc/samba/secrets.tdb
/etc/mtab
/var/run/utmp
/var/log/wtmp
~/*
~/.mozilla/plugins/libflashplayer.so