Re: selinux-policy-3.5.13-46.fc10.noarch - slight hiccup!

Daniel J Walsh wrote:
> 
> 
> Yes if you bind mount a usr_t directory without telling the system about
> it, it could cause labeling problems.
> 
> For example, if you store your homedirs in /usr/myhome/dwalsh and bind
> mount this over /home/dwalsh.  SELinux will label the directory usr_t
> since /usr/myhome/dwalsh defaults to a usr_t label.  If you bind mount
> it over /home/dwalsh and run restorecon on /home/dwalsh it will label it
> properly.  But depending on which directory has restorecon run on it
> you can get different results.  Usually we only have small relabels that
> happen on policy upgrades, so it probably never hit this directory.  But
> this update seems to have triggered a larger relabel, something like
> 
> restorecon -R -v /usr
> 
> 
> So the problem in SELinux is we do not have an easy way to say
> /usr/myhome == /home
> or /usr/myhome/dwalsh == /home/dwalsh
> 
> 

OK - in my case it is different on different machines - in one case for
example I have /opt/Local/home bind mounted over /home as well as
/opt/Local/mail bind mounted over /var/spool/mail - and this is very common
for me so that the user areas and mail spools are not over-written during a
clean install at the next version of Fedora - so this issue is of major
importance to me.

On another system /home/opt is bind mounted over /opt as well as an
analogous mail bind mount.

In all cases the contexts had been set for the directories soon after F10
was installed and the system was seeing these correct contexts in the bind
mounted directories ever since until last night.  The update then broke the
contexts for these directories until a manual restorecon, which is how I
understand your comments above? 


-- 
View this message in context: http://www.nabble.com/selinux-policy-3.5.13-46.fc10.noarch---slight-hiccup%21-tp22296524p22310595.html
Sent from the Fedora List mailing list archive at Nabble.com.
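
An added example, not part of the original messages: a shell sketch that lists bind mounts from mountinfo-format text and pairs each backing path with its mount point, so the policy's default label for both paths can be compared before a recursive restorecon reaches the backing tree. The function names and the sample data are constructed for illustration; it assumes matchpathcon (libselinux-utils) is installed for the label lookup and that paths contain no spaces.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not taken from the
# poster's machines): /opt/Local/home and /opt/Local/mail bind mounted
# over /home and /var/spool/mail, as described in the message above.
SAMPLE_MOUNTINFO='20 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw
21 20 8:2 / /opt rw,relatime - ext3 /dev/sda2 rw
22 20 8:2 /Local/home /home rw,relatime - ext3 /dev/sda2 rw
23 20 8:2 /Local/mail /var/spool/mail rw,relatime - ext3 /dev/sda2 rw
24 20 0:3 / /proc rw - proc proc rw'

# list_bind_mounts: read mountinfo text on stdin and print
# "backing_path mount_point" for every mount whose root field (field 4)
# is not "/", i.e. a subdirectory of a filesystem mounted somewhere else.
# The backing path is rebuilt from the mount of the same device (field 3)
# whose root is "/". Subvolume mounts would also match this test.
list_bind_mounts() {
    awk '
        { dev[NR] = $3; root[NR] = $4; mp[NR] = $5 }
        $4 == "/" && !($3 in base) { base[$3] = $5 }
        END {
            for (i = 1; i <= NR; i++) {
                if (root[i] == "/") continue
                if (!(dev[i] in base)) { print "?" root[i], mp[i]; continue }
                b = base[dev[i]]
                if (b == "/") b = ""
                print b root[i], mp[i]
            }
        }'
}

# compare_default_labels: for each pair on stdin, show the context the
# policy assigns to each path by default. A mismatch means the result of a
# relabel depends on which of the two paths restorecon walks.
compare_default_labels() {
    while read -r backing target; do
        if command -v matchpathcon >/dev/null 2>&1; then
            printf '%s -> %s\n  backing default: %s\n  target default:  %s\n' \
                "$backing" "$target" \
                "$(matchpathcon -n "$backing")" "$(matchpathcon -n "$target")"
        else
            printf '%s -> %s (matchpathcon not installed)\n' "$backing" "$target"
        fi
    done
}

printf '%s\n' "$SAMPLE_MOUNTINFO" | list_bind_mounts | compare_default_labels
```

On a live system, feed it the real table: `list_bind_mounts < /proc/self/mountinfo | compare_default_labels`.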
