On 2007-04-21, Florin Andrei <florin@xxxxxxxxxxxxxxx> wrote:
>>
>> # Add new labeling rule:
>> /usr/sbin/semanage fcontext -a -t mysqld_db_t "/db/mysql(/.*)?"
>
> Which files are modified by this command, and will the changes persist
> after updates will be released (and applied) for the selinux RPMs?

The new rule is added to
/etc/selinux/targeted/contexts/files/file_contexts.local and will
persist after upgrades of mysql/selinux.

> I guess I should run semanage for /db/tmp as well?

I think you will get away with simply labelling /db/ as mysqld_db_t:

    /usr/sbin/semanage fcontext -a -t mysqld_db_t "/db(/.*)?"
    restorecon -R /db

>
> # grep /db /etc/fstab
> LABEL=/db /db ext3 defcontext=system_u:object_r:var_t:s0 1 2

That doesn't look right to me.. I think you should label it mysqld_db_t,
not var_t. mysqld_db_t should mean only mysql will have access to
these files and directories, while var_t is much more open. Lots of
apps probably have access to var_t.

But -- you should probably do either mount option, or "semanage fcontext".
No need to do both.

-jf

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
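
An added example, not part of the original message: a shell check that reports which of the two labelling mechanisms discussed above (a context mount option in fstab, a local "semanage fcontext" rule) applies to a mount point, and with which type. The function names are hypothetical, the sample files are constructed from the lines quoted in the thread, and the "regex [filetype] context" layout of file_contexts.local is assumed.

```shell
# Added example (not from the thread). Function names are hypothetical.
# Print the SELinux type set by a *context= mount option for mount point $2
# in the fstab copy $1.
fstab_type() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(def|fs|root)?context=/) {
                    sub(/^[a-z]*context=/, "", opts[i])
                    gsub(/"/, "", opts[i])
                    split(opts[i], ctx, ":")
                    print ctx[3]
                }
        }' "$1"
}

# Print the types of local fcontext rules whose path regex starts at mount
# point $2. Assumes the "regex [filetype] context" layout of file_contexts.local.
fcontext_types() {
    awk -v mp="$2" '
        $1 !~ /^#/ && NF >= 2 && ($1 == mp || index($1, mp "(") == 1 || index($1, mp "/") == 1) {
            split($NF, ctx, ":")
            print ctx[3]
        }' "$1" | sort -u
}

# Summarise which mechanism(s) label the mount point.
# Args: fstab copy, file_contexts.local copy, mount point.
label_sources() {
    m=$(fstab_type "$1" "$3")
    f=$(fcontext_types "$2" "$3" | tr '\n' ' ')
    f=${f% }
    if [ -n "$m" ] && [ -n "$f" ]; then echo "both mount=$m fcontext=$f"
    elif [ -n "$m" ]; then echo "mount-option mount=$m"
    elif [ -n "$f" ]; then echo "fcontext fcontext=$f"
    else echo "none"
    fi
}

# Constructed sample input built from the lines quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'LABEL=/db /db ext3 defcontext=system_u:object_r:var_t:s0 1 2\n' > "$tmp/fstab"
printf '/db/mysql(/.*)?    system_u:object_r:mysqld_db_t:s0\n' > "$tmp/file_contexts.local"
printf '/db(/.*)?    system_u:object_r:mysqld_db_t:s0\n' >> "$tmp/file_contexts.local"
label_sources "$tmp/fstab" "$tmp/file_contexts.local" /db
```

A "both" result with differing types, as in the sample, is the situation the reply points out: the mount option and the local rule name different types for the same tree.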