On Mon, 26 Jan 2009 15:18:05 -0500 Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Paul Howarth wrote: > > On a RHEL 5 server I have bind-mounted home directories, where the > > data on the server actually lives in /srv/homes but this is > > bind-mounted to /nis-home. The user home directories in LDAP refer > > to the /nis-home locations. > > > > When I updated to the 5.3 selinux policy, everything > > under /srv/homes got relabelled based on the /srv/homes pathname > > rather than the /nis-home pathname. What would be the best way of > > preventing this from happening in the future? > > > > Paul. > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > You can setup the labeling using semanage. > > > semanage fcontext -a -t home_root_t /srv/homes > semanage fcontext -a -t user_home_dir_t -f-d '/srv/homes/[^/]*' > semanage fcontext -a -t user_home_t '/srv/homes/[^/]*/.+' That gets the majority of things right but misses things like ~/.spamassassin (spamassassin_home_t). Is there a way of seeing the full set of homedir contexts that would include additions from local policy modules? At least with that I'd be able to replicate them to /srv/homes/ Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list