-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Howarth wrote: > On Mon, 26 Jan 2009 15:18:05 -0500 > Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Paul Howarth wrote: >>> On a RHEL 5 server I have bind-mounted home directories, where the >>> data on the server actually lives in /srv/homes but this is >>> bind-mounted to /nis-home. The user home directories in LDAP refer >>> to the /nis-home locations. >>> >>> When I updated to the 5.3 selinux policy, everything >>> under /srv/homes got relabelled based on the /srv/homes pathname >>> rather than the /nis-home pathname. What would be the best way of >>> preventing this from happening in the future? >>> >>> Paul. >>> >>> -- >>> fedora-selinux-list mailing list >>> fedora-selinux-list@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> You can setup the labeling using semanage. >> >> >> semanage fcontext -a -t home_root_t /srv/homes >> semanage fcontext -a -t user_home_dir_t -f-d '/srv/homes/[^/]*' >> semanage fcontext -a -t user_home_t '/srv/homes/[^/]*/.+' > > That gets the majority of things right but misses things like > ~/.spamassassin (spamassassin_home_t). > > Is there a way of seeing the full set of homedir contexts that would > include additions from local policy modules? At least with that I'd be > able to replicate them to /srv/homes/ > > Paul. > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list I attempted to open a discussion on what you are trying to do on this list a couple of weekes ago, You could do some sed/shell magic with the /etc/selinux/targeted/modules/active/homedir_template File, but I think the solution is to be able to add alternative roots in the libsemanage.conf file and have it do the labeling for you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkl/E6gACgkQrlYvE4MpobMyHgCfe3u9QgrZ2+L4bvTwScgJnDt8 cgcAoNT/tw3Nw5u3y921rP975oVzq0T9 =lawI -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
