Stephen Smalley wrote:
On Thu, 2009-01-22 at 14:15 +0000, Paul Howarth wrote:
On a RHEL 5 server I have bind-mounted home directories, where the data
on the server actually lives in /srv/homes but this is bind-mounted to
/nis-home. The user home directories in LDAP refer to the /nis-home
locations.
When I updated to the 5.3 selinux policy, everything under /srv/homes
got relabelled based on the /srv/homes pathname rather than the
/nis-home pathname. What would be the best way of preventing this from
happening in the future?
If you just want to prevent automatic relabeling from touching that tree
at all, just add a "<<none>>" entry for it to file_contexts, e.g.
semanage fcontext -a -t "<<none>>" "/srv/homes(/.*)?"
Excellent! That seems to work perfectly - though I prefer to use a local
policy module rather than semanage for these things:
localmisc.fc:
...
# Don't touch stuff here
/srv/homes(/.*)? <<none>>
...
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
