On Wed, 2011-01-12 at 09:29 -0200, Paulo Cavalcanti wrote: > Hi, > > I have two HDs on my computer: one with rhel5 5.5 and the other with > fedora 14. > Both systems share some directories located in a common /home, mainly > used by the httpd process. > > The problem is that selinux in fedora 14 uses "unrestricted_u" by > default for all users, which rel5 does not understand, > and any file labeled that way is treated as "unlabeled_t" in rhel5. > > I tried to relabel all files in Fedora 14 using "chcon -R -u user_u -t > user_home_t" , for instance, > but every new file is still created as "unrestricted_u". > > I know very little about selinux, and I would like to know how to > force all files in F14 to be user_u, > but keeping the user owning those files, unrestricted. > > Is that possible? Is there a better solution for not having tons of > denials in rhel5? When mounting /home under rhel5, add the context= option to your list of mount options, e.g. context=user_u:object_r:user_home_t:s0 Then your rhel5 system will treat all inodes under /home as if they were labeled with that context and will not read the values set by f14. -- Stephen Smalley National Security Agency -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
