>>>>> "RC" == Ralf Corsepius <rc040203@xxxxxxxxxx> writes: RC> People seem to have forgotten that homes are completely out of a RC> distro's control. They are not guaranteed to be on a local RC> filesystem or on an SELinux-enabled filesystem and are not RC> standardized by any standard .... Hence the use_*_home_dirs booleans. It's certainly a great idea to provide a security model where the home directory can be protected. It's also a great idea to provide a knob to turn that off. Fortunately we have both. Also, with NFSv4.2, selinux works across an NFS mount. Which was quite a surprise when RHEL7.3 turned it on by default, but now I have selinux labeling for home directories across NFS. That's useful for a relatively narrow range of situations but, again, it's something you can disable. - J< _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
