when and how the selinux label all file system according to "file_contexts"?

when and how the selinux label all file system according to "file_contexts"?

[xing li]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

I have confused by the question:
when and how the selinux label all file system according to "file_contexts"?
and i found the clue that when we "touch /.autorelabel",the system would
invoke
"fixfiles relabel" to relabel the file system. but i could't find the
relevant source code.
Maybt somebody has investigated that and could share infomation?

[-- Attachment #2: Type: text/html, Size: 400 bytes --]

Re: when and how the selinux label all file system according to "file_contexts"?

[Justin P. Mattock]

xing li wrote:
> I have confused by the question:
> when and how the selinux label all file system according to 
> "file_contexts"?
> and i found the clue that when we "touch /.autorelabel",the system 
> would invoke
> "fixfiles relabel" to relabel the file system. but i could't find the 
> relevant source code.
> Maybt somebody has investigated that and could share infomation? 
 From what I remember,
.autorelabel is called by a daemon,
(selinux-basic package); but am unclear with
what the name might be with the different distros.
I normally make policy; make install; make relabel;
that is if anybody uses the commands "make"
anymore.

regards;

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: when and how the selinux label all file system according to "file_contexts"?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin P. Mattock wrote:
> xing li wrote:
>> I have confused by the question:
>> when and how the selinux label all file system according to
>> "file_contexts"?
>> and i found the clue that when we "touch /.autorelabel",the system
>> would invoke
>> "fixfiles relabel" to relabel the file system. but i could't find the
>> relevant source code.
>> Maybt somebody has investigated that and could share infomation? 
> From what I remember,
> .autorelabel is called by a daemon,
> (selinux-basic package); but am unclear with
> what the name might be with the different distros.
> I normally make policy; make install; make relabel;
> that is if anybody uses the commands "make"
> anymore.
> 
> regards;
> 
> Justin P. Mattock
> 
> -- 
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
/etc/rc.sysinit includes a line that looks for /.autorelabel and then
executes /sbin/fixfiles restore.

# grep autorelabel /etc/rc.sysinit
 	rm -f  /.autorelabel
 	rm -f  /.autorelabel
    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
        [ -f /.autorelabel ] || touch /.autorelabel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklWFYQACgkQrlYvE4MpobM97QCg2mpa8DBMHXbFlJilQUbt/O0F
6oUAn1aU0QcICcEiZ+B7ImIvF6VFP9nI
=h8ji
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: when and how the selinux label all file system according to "file_contexts"?

[xing li]

[-- Attachment #1: Type: text/plain, Size: 2236 bytes --]

2008/12/27 Daniel J Walsh <dwalsh@redhat.com>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Justin P. Mattock wrote:
>
Thanks, i have found it: in the /etc/init.d/selinux(ubuntu 8.04) such as:
   .....
    log_warning_msg "Relabeling could take a very long time, depending"
  log_warning_msg "on file system size and speed of hard drives."
  /bin/sed -i -f $statusfile /etc/selinux/config
  log_action_begin_msg "Relabeling files"
  ${SETFILES} /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
${FILESYSTEMS}
  ....
  It invoke "setfiles" to label all file system.

>  > xing li wrote:
> >> I have confused by the question:
> >> when and how the selinux label all file system according to
> >> "file_contexts"?
> >> and i found the clue that when we "touch /.autorelabel",the system
> >> would invoke
> >> "fixfiles relabel" to relabel the file system. but i could't find the
> >> relevant source code.
> >> Maybt somebody has investigated that and could share infomation?
> > From what I remember,
> > .autorelabel is called by a daemon,
> > (selinux-basic package); but am unclear with
> > what the name might be with the different distros.
> > I normally make policy; make install; make relabel;
> > that is if anybody uses the commands "make"
> > anymore.
> >
> > regards;
> >
> > Justin P. Mattock
> >
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> > with
> > the words "unsubscribe selinux" without quotes as the message.
> /etc/rc.sysinit includes a line that looks for /.autorelabel and then
> executes /sbin/fixfiles restore.
>
> # grep autorelabel /etc/rc.sysinit
>        rm -f  /.autorelabel
>        rm -f  /.autorelabel
>    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
>    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
>        [ -f /.autorelabel ] || touch /.autorelabel
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAklWFYQACgkQrlYvE4MpobM97QCg2mpa8DBMHXbFlJilQUbt/O0F
> 6oUAn1aU0QcICcEiZ+B7ImIvF6VFP9nI
> =h8ji
> -----END PGP SIGNATURE-----
>

[-- Attachment #2: Type: text/html, Size: 3329 bytes --]