On 09/26/2016 12:23 PM, Weiyuan (David, Euler) wrote:
> Dear All:
>
> I have a question that is when and how the root “/” and files in it
> are labeled?
>
> There are "/ u:object_r:rootfs:s0" in file_contexts, and "genfscon
> rootfs / u:object_r:rootfs:s0" in genfs_contexts.
>
> My understanding is, First, kernel will load the initial_sid_contexts
> before init process do the selinux_initialize().
>
> Then when rootfs is mounted to “/”, kernel will label it with
> “u:object_r:labeledfs.
>
> And After init process do the selinux_initialize() to load sepolicy to
> kernel, there will be a restorecon to “/”.
>
> Am I right? If I am right, then when do this restorecon happen?

restorecon is only needed for /data or other filesystems that are updated at runtime. The rootfs is typically just unpacked from initramfs and all files within it are assigned a default label based on the genfscon statement, unless using a real ext4 root filesystem partition (in which case the inode xattrs would be set when the filesystem image is generated, not when the system is booting).

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
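
The two labeling paths described in the reply, as an added example that is not part of the original message or of the SELinux code base: a small model that resolves a file's label either from a genfscon default or from an xattr written at image build time. Only the rootfs genfscon line comes from the thread; the proc entries, the `XATTR_FILESYSTEMS` set, the `image_xattrs` parameter and the `init_exec` label are constructed assumptions.

```python
# Added example; the proc lines and all paths are constructed for illustration.
GENFS_CONTEXTS = """\
genfscon rootfs / u:object_r:rootfs:s0
genfscon proc / u:object_r:proc:s0
genfscon proc /net u:object_r:proc_net:s0
"""

# Assumption: filesystems whose labels live in the security.selinux xattr.
XATTR_FILESYSTEMS = {"ext4"}


def parse_genfscon(text):
    """Map fstype -> [(path_prefix, context)], longest prefix first."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # genfscon <fstype> <path> [<file type>] <context>
        if len(fields) in (4, 5) and fields[0] == "genfscon":
            table.setdefault(fields[1], []).append((fields[2], fields[-1]))
    for entries in table.values():
        entries.sort(key=lambda e: len(e[0]), reverse=True)
    return table


def genfs_label(table, fstype, path):
    """Default label from genfscon: longest matching prefix, else None."""
    for prefix, context in table.get(fstype, []):
        if path.startswith(prefix):
            return context
    return None


def file_label(table, fstype, path, image_xattrs=None):
    """Return (context, source) for a file on the given filesystem type.

    image_xattrs (hypothetical) stands in for labels written into an ext4
    image when it is generated; a genfscon-labeled filesystem ignores it.
    """
    if fstype in XATTR_FILESYSTEMS:
        return (image_xattrs or {}).get(path), "xattr set at image build"
    return genfs_label(table, fstype, path), "genfscon default"


if __name__ == "__main__":
    table = parse_genfscon(GENFS_CONTEXTS)
    for path in ("/", "/init", "/sbin/adbd"):
        print(path, file_label(table, "rootfs", path))
    built = {"/init": "u:object_r:init_exec:s0"}  # constructed image label
    print("/init", file_label(table, "ext4", "/init", built))
```

Neither path involves a boot-time restorecon: the rootfs result depends only on the loaded policy, and the ext4 result only on what the image builder stored.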