Re: .autorelabel on mounted filesystems

On 08/27/2010 04:14 AM, Paul Howarth wrote:
> On 27/08/10 07:12, Daniel B. Thurman wrote:
>>
>> I have several versions of root distro partitions of which I do
>> mount via fstab, but of course only one / and /boot partition
>> is to be defined for the version to be booted.
>>
>> What I would like to know is, if I do an /.autorelabel,
>> for one boot/root partition, does this mean that every
>> mounted filesystem that appears in /etc/fstab also gets
>> relabeled?  If so, this is not what I want especially if
>> other root distro partitions are being mounted for example,
>> say: /md/{distro1, distro2, ...}
>>
>> So, how do I get around this?  I could comment out
>> all entries in /etc/fstab except / and /boot (plus the
>> required entries), touch /.autorelabel, reboot, and once
>> relabeling is completed, then add back in the commented
>> out fstab entries, then issue a mount -a. Could I add an option
>> entry say: NO_RELABEL to certain fstab entries?
>>
>> Since I was introduced to the /media since F9, I never could
>> figure out how to add mounted "media" filesystems, which
>> is why I added them instead to fstab.
>>
>> How do I solve this issue?
> 
> I create a local policy module for this sort of thing, with a file 
> contexts entry like this:
> 
> # Don't touch stuff here
> /srv/homes(/.*)?					<<none>>
> 
> So you could have:
> ::::::::::::::
> otherdistros.fc
> ::::::::::::::
> /md/distro1(/.*)?		<<none>>
> /md/distro2(/.*)?		<<none>>
> 
> ::::::::::::::
> otherdistros.te
> ::::::::::::::
> policy_module(otherdistros, 0.0.1)
> 
> Building and installing that module should do the trick.
> 
> Paul.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

I have blogged on this.

http://danwalsh.livejournal.com/38157.html

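The build-and-install step from Paul's reply, as an added example that is not part of the original thread. It assumes the policy development Makefile is at /usr/share/selinux/devel/Makefile and that the script is run as root with the argument `install`; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the thread: build, install and check the
# "otherdistros" module whose .fc/.te contents Paul quotes above.
set -eu

MODULE=otherdistros
# Assumed location of the policy development Makefile on Fedora.
DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Write the two source files from the thread into directory $1.
write_module_sources() {
    mkdir -p "$1"
    printf '%s\n' \
        '/md/distro1(/.*)?    <<none>>' \
        '/md/distro2(/.*)?    <<none>>' > "$1/$MODULE.fc"
    printf 'policy_module(%s, 0.0.1)\n' "$MODULE" > "$1/$MODULE.te"
}

# Print every path regex in .fc file $1 whose context is <<none>>,
# i.e. the trees a relabel will leave untouched.
list_unlabeled_specs() {
    awk '$1 !~ /^#/ && $NF == "<<none>>" { print $1 }' "$1"
}

# Compile the module in directory $1 and load it (needs root).
build_and_install() {
    make -C "$1" -f "$DEVEL_MAKEFILE" "$MODULE.pp"
    semodule -i "$1/$MODULE.pp"
}

# Ask the loaded file_contexts what label each given path would get.
show_expected_labels() {
    for p in "$@"; do matchpathcon "$p"; done
}

# Only touch the system when explicitly asked: ./script install
if [ "${1:-}" = "install" ]; then
    workdir=$(mktemp -d)
    write_module_sources "$workdir"
    list_unlabeled_specs "$workdir/$MODULE.fc"
    build_and_install "$workdir"
    show_expected_labels /md/distro1/etc /md/distro2/etc /etc
    # Only after the check above: touch /.autorelabel && reboot
fi
```

Once the module is loaded, `matchpathcon` should report `<<none>>` for paths under /md/distro1 and /md/distro2 and a normal context for /etc; confirm that before touching /.autorelabel.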
