Re: selinux: rhel5 x fedora 14

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/12/2011 04:03 PM, Paul Howarth wrote:
> On Wed, 12 Jan 2011 13:02:21 -0500
> Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> On 01/12/2011 06:29 AM, Paulo Cavalcanti wrote:
>>> Hi,
>>>
>>> I have two HDs on my computer: one with rhel5 5.5 and the other with
>>> fedora 14.
>>> Both systems share some directories located in a common /home,
>>> mainly used by the httpd process.
>>>
>>> The problem is that selinux in fedora 14 uses "unrestricted_u" by
>>> default for all users, which rel5 does not understand,
>>> and any file labeled that way is treated as "unlabeled_t" in rhel5.
>>>
>>> I tried to relabel all files in Fedora 14 using "chcon -R -u user_u
>>> -t user_home_t" , for instance,
>>> but every new file is still created as "unrestricted_u".
>>>
>>> I know very little about selinux, and I would like to know how to
>>> force all files in F14 to be user_u,
>>> but keeping the user owning those files, unrestricted.
>>>
>>> Is that possible? Is there a better solution for not having tons of
>>> denials in rhel5?
>>>
>>> Thanks.
>>>
>>> -- 
>>> Paulo Roma Cavalcanti
>>> LCG - UFRJ
>>>
>> One solution would be to mount with a context on one of the platforms.
>>
>> On RHEL5 mount the users homedir with a context of nfs_t, and set the
>> boolean to say allow nfs homedirs
>>
>>
>> mount -o context="system_u:object_r:nfs_t:s0" /dev/ABC /home
>> setsebool -P use_nfs_home_dirs 1
> 
> What happens with newly-created files whilst booted in RHEL-5 in this
> case? What will Fedora 14 see them as?
> 
> Paul.

nfs_t, i think so Stephens solution is probably better?  I would hope in
stephens solution they would be labeled user_home_t.  But it would
probably be smart to run restorecon -R -v ~/ When you login on F14
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0uGA4ACgkQrlYvE4MpobOgowCeMa76n4GpqyR4e3xx+U4VTetM
06cAoM+k/MeqJ1G9wwgluo5hqjn+bXni
=kdw9
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux