On Wed, 30 Dec 2009 18:52:02 -0600
Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote:

> On my system I have home directories in /var/home and bind mounted
> to /home:
>
> /var/home on /home type none (rw,bind)
>
> Is there any way to prevent restorecon on /var from descending into
> /var/home and destroying the normal home directory file contexts?
> Reproducing all of file_contexts.homedirs in local policy is of course
> unmaintainable.

You can make the file contexts for /var/home match those for /home very
easily on F-11 onwards:

# semanage fcontext -a -e /home /var/home

See http://danwalsh.livejournal.com/2009/04/09/ for Dan's blog on file
context equivalency.

On a slightly related issue, I note that current selinux-policy packages
do a restorecon on the contents of /var/lib, which on my mock buildsystem
is *huge* (all buildroots live under /var/lib/mock) and takes a very long
time indeed. I wonder what the problem is that this behaviour is trying
to solve?

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
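
The following is an added example, not part of the original message or of any SELinux tool: a simplified shell model of the path rewrite that a file-context equivalence rule such as the one above implies, showing that only whole path components under /var/home are treated as /home. The `apply_equiv` function, the sample rule file, and its "alias target" line format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified model of file-context equivalence.
# Assumption: each rule is one line of the form "<alias> <target>", meaning
# "label paths under <alias> as if they were under <target>".

# apply_equiv RULES_FILE PATH
# Prints the path that would be used for the file-context lookup.
apply_equiv() {
    result=$2
    while read -r src dst _; do
        # Skip blank lines and comments.
        case $src in ''|'#'*) continue ;; esac
        case $2 in
            # The alias itself maps to the target itself.
            "$src")   result=$dst; break ;;
            # Anything below the alias keeps its tail; the "/" enforces a
            # component boundary, so /var/homework is NOT rewritten.
            "$src"/*) result=$dst${2#"$src"}; break ;;
        esac
    done < "$1"
    printf '%s\n' "$result"
}

# Constructed sample rule, standing in for the effect of:
#   semanage fcontext -a -e /home /var/home
demo_rules=$(mktemp)
cat > "$demo_rules" <<'EOF'
# alias      target
/var/home    /home
EOF

# Constructed sample paths: two under the alias, one near-miss, one unrelated.
for p in /var/home /var/home/alice/.ssh /var/homework/notes /var/lib/mock; do
    printf '%-24s -> %s\n' "$p" "$(apply_equiv "$demo_rules" "$p")"
done
```

On a live system, `matchpathcon /var/home/<user>` reports the context the loaded policy would assign, and `restorecon -n -v -R /var/home` lists what a relabel would change without changing it.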