James Young wrote:
Does selinux check context on the whole directory hierarchy when making a decision about permission to enter a directory? That is, when I try to access /home/Data/pgsql, will it check the context on /home, then /home/Data, and then on /home/Data/pgsql? Or will it only check the context on /home/Data/pgsql? I want to put a Postgres database in a /home/Data/pgsql/data directory, but the initrc script will not run it there. I can run it as the postgres user. The contexts mirror the /var/lib/pgsql/data directory: user_u:object_r:postgres_db_t. The context of /home/Data/pgsql is system_u:object_r:var_lib_t.
The whole hierarchy must be readable. Putting server data under /home always causes problems. I'd suggest bind mounting /home/Data/pgsql to /var/lib/pgsql or something similar.
You could change the context type of /home/Data to var_t but you'd probably still have issues with /home itself.
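The traversal rule in Paul's reply, as an added example that is not from the thread: a POSIX shell script that, for a target such as /home/Data/pgsql/data, lists every directory from / downwards that SELinux must grant search on, and prints each one's label (assumes GNU stat with %C; on a system without SELinux it prints "?"), so a mislabelled ancestor like the var_lib_t /home/Data/pgsql stands out instead of only the leaf being inspected.

```shell
#!/bin/sh
# Added example, not from the thread. Both DAC and SELinux must allow "search"
# on every directory from / down to the target, so a denial on /home or
# /home/Data blocks access to /home/Data/pgsql/data even when the leaf itself
# carries the right type. This script lists that chain and shows each context.

# Print the target and every ancestor directory, root first, one per line.
# Requires an absolute path.
path_ancestors() {
    p=$1
    case $p in /*) ;; *) echo "path_ancestors: need an absolute path" >&2; return 2 ;; esac
    case $p in */) p=${p%/}; [ -n "$p" ] || p=/ ;; esac   # drop a trailing "/"
    acc=''
    while [ -n "$p" ] && [ "$p" != / ]; do
        acc="$p
$acc"
        p=${p%/*}                    # strip the last path component
    done
    printf '/\n%s' "$acc"
}

# For each directory on the chain print "<dac> <context> <path>", where <dac>
# says whether the current user may search it at all (x bit) and <context> is
# the SELinux label from stat (or "?" without SELinux). Returns 1 if any
# directory on the chain is missing.
check_traversal() {
    rc=0
    while IFS= read -r d; do
        if [ ! -d "$d" ]; then
            printf 'MISSING     %s\n' "$d"; rc=1; continue
        fi
        ctx=$(stat -c '%C' "$d" 2>/dev/null || echo '?')
        if [ -x "$d" ]; then perm=searchable; else perm=NO-SEARCH; fi
        printf '%-11s %-40s %s\n' "$perm" "$ctx" "$d"
    done <<EOF
$(path_ancestors "$1")
EOF
    return $rc
}

# Usage: sh check_traversal.sh /home/Data/pgsql/data
if [ -n "${1:-}" ]; then check_traversal "$1"; fi
```

Once the offending ancestor is found, the two remedies from the reply apply: relabel the tree (and record the label with semanage fcontext so restorecon keeps it) or bind-mount it under /var/lib/pgsql.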
Does Fedora use the reference policy from Tresys exactly? If not, where can I find the source policy for Fedora? All I can find are the .if files.
The selinux-policy SRPM.
Finally, are there any better references for SELinux? Everything I've read seems dated.
http://fedoraproject.org/wiki/SELinux is a decent starting point.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list