Relabeling the filesystem actually just corrects the labeling, it does not remove the labeling, even if selinux is disabled.
Effectively, this is a feature not a bug. All be it poorly documented. (apparently Mac uses @ instead of .) There is documentation in the coreutils info pages on ls: "Following the file mode bits is a single character that specifies whether an alternate access method such as an access control list applies to the file. When the character following the file mode bits is a space, there is no alternate acces method. When it is printing a character, then there is such a method. Gnu `ls` uses a `.' character to indicate a file with an SELinux security context, but no other alternate access method. A file with any other combination of alternate access methods is marked with a `+' character." Here is a summarized discussion from a blog by Dan Walsh (in comment section) on Managing FIle Context (http://danwalsh.livejournal.com/4208.html): q: i would like to know how to completely remove ALL file labels created by SELinux a: you can not remove labels it is part of SELinux system note: Dan did not state that, Anonymous did, and no one disagreed/corrected them. However there is a thread (http://osdir.com/ml/fedora-selinux/2009-07/msg00087.html) about "removing context" where someone suggests this: find . -exec setfattr -h -x security.selinux '{}' \; -greg [email protected] wrote on 12/02/2010 04:54:24 PM: > > That didn’t seem to make any difference... :( > > From: [email protected] [mailto:[email protected]] > On Behalf Of Harrison, Jonathan > Sent: Thursday, December 02, 2010 1:57 PM > To: '[email protected]' > Subject: Re: [rhelv6-list] selinux (not quite) disabled? > > I believe that you can touch .autorelabel in / and then reboot to > perform this action. I typically do this every time I set /etc/ > sysconfig/selinux to disabled. > > Jonathan > > >So, how do I make it go away? :) > > >Kevin > > >-----Original Message----- > >From: [email protected] > >[mailto:[email protected]] On Behalf Of Marti, Robert > >Sent: Thursday, December 02, 2010 12:44 PM > >To: [email protected] > >Subject: Re: [rhelv6-list] selinux (not quite) disabled? > > > >From: [email protected] [rhelv6-list- > [email protected]] On Behalf Of Bill Nottingham [[email protected]] > >Sent: Thursday, December 02, 2010 14:38 > >To: [email protected] > >Subject: Re: [rhelv6-list] selinux (not quite) disabled? > > >Collins, Kevin [BEELINE] ([email protected]) said: > >> In testing RHEL6, I have noted that some directories show a "." (dot) > at > >> the end: > > >It means the files/directories have a SELinux security label stored > in an extended attribute - the attributes remain present on the > filesystem even if SELinux is disabled. > > >Bill_______________________________________________ > rhelv6-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv6-list _______________________________________________ rhelv6-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv6-list
