On 01/12/2011 04:03 PM, Paul Howarth wrote:
> On Wed, 12 Jan 2011 13:02:21 -0500
> Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> On 01/12/2011 06:29 AM, Paulo Cavalcanti wrote:
>>> Hi,
>>>
>>> I have two HDs on my computer: one with rhel5 5.5 and the other with
>>> fedora 14.
>>> Both systems share some directories located in a common /home,
>>> mainly used by the httpd process.
>>>
>>> The problem is that selinux in fedora 14 uses "unrestricted_u" by
>>> default for all users, which rhel5 does not understand,
>>> and any file labeled that way is treated as "unlabeled_t" in rhel5.
>>>
>>> I tried to relabel all files in Fedora 14 using "chcon -R -u user_u
>>> -t user_home_t", for instance,
>>> but every new file is still created as "unrestricted_u".
>>>
>>> I know very little about selinux, and I would like to know how to
>>> force all files in F14 to be user_u,
>>> but keeping the user owning those files, unrestricted.
>>>
>>> Is that possible? Is there a better solution for not having tons of
>>> denials in rhel5?
>>>
>>> Thanks.
>>>
>>> --
>>> Paulo Roma Cavalcanti
>>> LCG - UFRJ
>>>
>> One solution would be to mount with a context on one of the platforms.
>>
>> On RHEL5 mount the users homedir with a context of nfs_t, and set the
>> boolean to say allow nfs homedirs
>>
>>
>> mount -o context="system_u:object_r:nfs_t:s0" /dev/ABC /home
>> setsebool -P use_nfs_home_dirs 1
>
> What happens with newly-created files whilst booted in RHEL-5 in this
> case? What will Fedora 14 see them as?
>
> Paul.

nfs_t, I think, so Stephen's solution is probably better? I would hope in Stephen's solution they would be labeled user_home_t.
But it would probably be smart to run restorecon -R -v ~/ when you log in on F14