Partitions Mounted by fstab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Chaps,

I'm running SELinux in permissive mode on F8. I was thinking of switching to
enforcing mode and took a peek inside /var/log/messages to see what denials
SELinux is currently reporting. I was *horrified* - there must be thousands
there! Doing "cat /var/log/audit/audit.log" is even worse - it takes about a minute to
scroll through!

They mainly relate to procmail, clamd and samba but I get many reports of
incorrectly labelled files (file_t).

I want to tackle these one step at a time and I think the first place to start
is with the incorrectly labelled files.

I have tried the "touch ./autorelabel; reboot" trick (several times!) but I
still get the same errors.

As a mater of interest, I have a procmail recipe which writes a copy of every
mail I receive to a backup area on my /dev/sda8 partition, mounted as
/mnt/backup/ by fstab. (It is an ext3 partition).

I have tried doing:
"restorecon -v -R /mnt/backup"
and even:
"fixfiles relabel"

on this partition, but I gather this will not work. I think that I must
somehow define a policy for this (and probably other) partition(s), but I am
unclear as to how to go about this.

I am reasonably familiar with Linux generally, but am a complete SELinux
virgin (and frankly scared silly of it). I normally turn off SELinux as my
first action after installing a distro, but I think it's about time I got to
grips with its security benefits.

I would be very grateful therefore if someone could hold my hand through this
learning process!

I have to run this particular box headless and access via ssh so I have to do
everything with command-line tools.


Thanks in advance...

Mark

Attachment: pgp3vwlpCNGbR.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux