Daniel J Walsh wrote: > > > Yes if you bind mount a usr_t directory without telling the system about > it, it could cause labeling problems. > > For example, if you store your homedirs in /usr/myhome/dwalsh and bind > mount this over /home/dwalsh. SELinux will label the directory usr_t > since /usr/myhome/dwalsh defaults to a usr_t label. If you bind mount > it over /home/dwalsh and run restorecon on /home/dwalsh it will label it > properly. But depending on which directory have restorecon run on it > you can get different results. Usually we only have small relabels that > happen on policy upgrades, so it probably never hit this directory. But > this update seems to have triggered a larger relabel something like > > restorecon -R -v /usr > > > So the problem in SELinux is we do not have an easy way to say > /usr/myhome == /home > or /usr/myhome/dwalsh == /home/dwalsh > > OK - in my case it is different on different machines - in one case for example I have /opt/Local/home bind mounted over /home as well as /opt/Local/mail bind mounted over /var/spool/mail - and this is very common for me so that the user areas and mail spools are not over-written during a clean install at the next version of Fedora - so this issue is of major importance to me. On another system /home/opt is bind mounted over /opt as well as an analogous mail bind mount. In all cases the contexts had been set for the directories soon after F10 was installed and the system was seeing these correct contexts in the bind mounted directories ever since until last night. The update then broke the contexts for these directories until a manual restorecon, which is how I understand your comments above? -- View this message in context: http://www.nabble.com/selinux-policy-3.5.13-46.fc10.noarch---slight-hiccup%21-tp22296524p22310595.html Sent from the Fedora List mailing list archive at Nabble.com. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines