On Sun, 2011-04-03 at 21:39 +0200, Michal Schmidt wrote:

> If on the other hand / stays read-only for the whole duration of
> working with SELinux disabled, then no contexts will be harmed and
> relabeling will not be necessary.

If / is ro but /var is rw then a relabel is still useful, right?

And /var is more likely to be mounted rw than / is, so it would make
sense to store this flag somewhere in /var.

Or even better, in each filesystem. (An xattr on the root inode?)

/Alexander

PS. Not that my opinion matters, but I find ConditionSELinux prettier
than ConditionSecurity, possibly because SELinux is very much its own
beast and lumping it together with "security systems" seems arbitrary.
Might as well call it ConditionEnabledFeature.


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
