Re: SELinux last straw

Andy Green wrote:

> If you can't see the pam config or resolv.conf on an unknown box you
> don't know what will work either until you start trying and look.

Those don't have much to do with file access control.

> Permissive was useful for me to gingerly add selinux to a remote box
> that never had it before, the box couldn't be killed but I could learn
> where the issues were (a handful, FWIW).  I turned it straight to
> enforcing and rebooted and fixed them up.
>
> The one golden rule I found seems to be to do with avoiding mv and using
> cp when introducing files to a new selinux directory tree.  So if you
> created files in ~ and mv them to /var/www/html, because it is done by
> shifting inodes around and not creating files, they will retain the home
> directory related selinux label and make trouble.  If you cp'd them
> over, new files are created in the new directory context, they will have
> httpd-related labels.

Does that mean some backup/restore methods work and some don't? My preference for almost all copy/move operations is rsync because it is pretty much the same regardless of whether the source/dest are local or not. Will it work in the case where both are local? What happens when they aren't?

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
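
Added example, not part of the original message: a small audit for the mv-versus-cp labelling problem discussed above, which flags files in a web tree whose SELinux type is not the expected one, however they arrived there. The type names `httpd_sys_content_t` and `user_home_t` assume the targeted policy, and the function names and sample contexts are constructed for illustration.

```python
import os

# Assumption: targeted-policy type for static web content under /var/www/html.
EXPECTED_TYPE = "httpd_sys_content_t"

# Constructed sample: (path, context) pairs as they might look after one file
# was moved in with mv from a home directory and the others were copied.
SAMPLE = [
    ("/var/www/html/index.html", "unconfined_u:object_r:httpd_sys_content_t:s0"),
    ("/var/www/html/moved.html", "unconfined_u:object_r:user_home_t:s0"),
    ("/var/www/html/mcs.html", "system_u:object_r:httpd_sys_content_t:s0:c0.c1023"),
    ("/var/www/html/nolabel.html", None),
]

def context_type(context):
    """Return the type field of a 'user:role:type[:level]' context string."""
    # The stored xattr value is usually NUL-terminated; the level may itself
    # contain colons, so only the first three fields are positional.
    fields = context.rstrip("\x00").split(":")
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]

def walk_labels(root):
    """Yield (path, context) for each file under root, read from the inode."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
                yield path, raw.decode()
            except OSError:
                yield path, None  # no label, or no xattr support here

def mislabelled(pairs, expected=EXPECTED_TYPE):
    """Return (path, type) for every entry whose type is not `expected`."""
    bad = []
    for path, ctx in pairs:
        ftype = context_type(ctx) if ctx else None
        if ftype != expected:
            bad.append((path, ftype))
    return sorted(bad, key=lambda item: item[0])

if __name__ == "__main__":
    for path, ftype in mislabelled(SAMPLE):
        print(f"{path}: type {ftype}, expected {EXPECTED_TYPE}")
```

On a live system, pass `walk_labels("/var/www/html")` instead of `SAMPLE`; `restorecon -Rv` on the tree resets flagged files to the policy default.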