Re: FC1 compatibility - was [Bug 119719] New: SELinux FAQ - SELinux FAQ - suggested questions on FC1 compatability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Karsten Wade wrote:

-----Forwarded Message-----



https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119719


Here are two questions likely to be frequently asked, missing from the
FAQ. They belong right after "Q: I installed Fedora Core on a system
with an existing /home partition, and now I can't log in."



Thanks, good questions.

Just because I'm brave, I'm going to start answers to these questions,
but am hoping others will soon chime in and help with the final answers
for the FAQ.  Please!



Q: If I relabel my existing /home partition after upgrading to FC2,
will I still be able to read it if I need to revert to FC1? (In other
words, am I burning my bridges when I run setfiles or fixfiles?)


Newly created files will not have a context and if you remove an recreate a file it will not have a context.

You (should?) be able to read the files from an FC1 system, but if the
FC1 system does not have SELinux installed or enabled, any writes it
does to that partition will be without file context. (Would this
include changing timestamps? What about writing to existing files which
do have file contexts?)



You can read the files on the fc1 system. 

Just newly created files.

Q: Can an NFS-mountable /home partition be shared by FC1 and FC2
installations?



Yes. You can mount a non-SELinux partition with the context= option,
e.g.:


You can nfs mount off of a SELinux file system onto a non SELinux file system. You can
also nfs mount a non SELinux file system on a SELinux machine. By default all files are treated
as nfs_t context. You can choose to override the default context by using the context option

mount -t nfs -o context=system_u:object_r:tmp_t server:/some/path /mnt/wherever

All of the files on the mount will appear to have the context
system_u:object_r:tmp_t to SELinux.

Any files written by a non-SELinux system will not have file contexts,
and the contexts of existing files are affected how?



Not true. When SELinux exports the file system the files will end up with the default context of the \
directory they were created in. The remote system has no effect on the file contexts.

thx - Karsten


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux