On Thursday, 5 January 2017 11:09:49 PM AEDT Marco d'Itri wrote: > > After creating symlinks please test if /sbin/restorecon (or > > /usr/sbin/restorecon) exists, if it exists run "/sbin/restorecon $NAME" > > where $NAME is the newly created link. > > Do you mean the /{bin,sbin,lib/,...}/ links
Yes. > or each and every one that > may be created e.g. in /usr/bin/ as replacement of an existing similar > link? I hadn't noticed any changes in that regard, which means that any links that were recreated had the desired type by default. In almost all cases a symlink under /usr will have the same type as the directory it's in which means that it will work fine with the default context from when the package installation scripts are run. While there could possibly be an issue in that regard in future, it's unlikely and could be considered a bug in policy. But the wrong label on the links for /bin or /sbin can prevent users logging in to the system (even root). I suggest not bothering about the theoretical issue that may never happen in practice and probably won't be serious anyway (the potential labels of links under /usr) and just fix the proven repeatable problem that makes sysadmin access impossible (labelling of /{bin,sbin,lib/,...}/ links). -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/