Re: fcontext nightmare - Help please?

On Sun, 2012-08-19 at 13:24 -0700, Tom London wrote:
> On Tue, Aug 14, 2012 at 2:21 PM, Dominick Grift
> <dominick.grift@xxxxxxxxx> wrote:
> > You might want to check out the semanage --equiv option. (man semanage)
> >
> > That basically allows you to alias existing file context structures:
> >
> > here's an example from man semanage:
> >
> >        For home directories under top level directory, for example /disk6/home,
> >        execute the following commands.
> >        # semanage fcontext -a -t home_root_t "/disk6"
> >        # semanage fcontext -a -e /home /disk6/home
> >        # restorecon -R -v /disk6
> >
> > so in your case you might want to make /data equivalent to / or
> > something
> >
> > semanage fcontext -a -e / /data
> > restorecon -R -v -F /data
> >
> > That should label /data root_t, /data/var var_t, /data/var/lib var_lib_t
> > etc.
> >
> > just as if it was your main file system.
> >
> 
> So this sounds like exactly what I would like to do with my LUKS encrypted
> USB backup drive.
> 
> Unfortunately, I'm stumbling across the fact that the drive is
> 'automagically' mounted (when I login or power it on), and it gets
> mounted on /run/media/tbl/Backup1TB:
> 
> /dev/mapper/luks-94a9d7d7-f819-4c2c-b735-81bb28db0426 on
> /run/media/tbl/Backup1TB type ext4
> (rw,nosuid,nodev,relatime,seclabel,data=ordered,uhelper=udisks2)
> 
> The 'semanage -e' command spews:
> 
> [root@tlondon ~]# semanage fcontext -a -e / /run/media/tbl/Backup1TB/X200
> /sbin/semanage: File spec /run/media/tbl/Backup1TB/X200 conflicts with
> equivalency rule '/run /var/run'; Try adding
> '/var/run/media/tbl/Backup1TB/X200' instead
> [root@tlondon ~]#
> 
> Appears that '/var/run/media' doesn't exist on my system (I guess /run
> and /var/run are not really 'equivalent'?).
> 
> Is this an issue with my system (e.g., do I need an explicit entry in
> fstab or some such)? With the scaffolding that deals with /run and
> /var/run? Other?  Should this work?

I think the issue is due to using "-e" on a location that is already
"-e'd".

/run is equivalent to /var/run; it seems that you can't currently make
such a location equivalent to something else again.

This is something to consider...


> Thanks,
>    tom


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
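
The conflict in the quoted semanage output can be anticipated by checking a path against the existing equivalence rules before running `semanage fcontext -a -e`. The sketch below is an added example, not part of the original messages and not semanage's own code; the function name `check_equiv`, the inline rule list and the longest-prefix choice are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-check a path against equivalence ("subs") rules.

# Constructed sample in "<source> <target>" form. Only the "/run /var/run"
# rule is taken from the error message quoted in the thread.
SAMPLE_SUBS='
# source    target
/run        /var/run
/run/lock   /var/lock
'

# check_equiv RULES PATH (hypothetical helper)
# Prints PATH rewritten through the longest matching rule and returns 1
# when a rule already covers it; prints PATH unchanged and returns 0 otherwise.
check_equiv() {
    local rules=$1 path=$2 src dst best_src="" best_dst=""
    while read -r src dst _; do
        case $src in ''|'#'*) continue ;; esac   # skip blanks and comments
        # Match whole path components only: /run covers /run/media
        # but must not cover /running.
        if [ "$path" = "$src" ] || [ "${path#"$src"/}" != "$path" ]; then
            # Assumption of this sketch: the most specific rule wins.
            if [ "${#src}" -gt "${#best_src}" ]; then
                best_src=$src
                best_dst=$dst
            fi
        fi
    done <<EOF
$rules
EOF
    if [ -n "$best_src" ]; then
        printf '%s\n' "$best_dst${path#"$best_src"}"
        return 1
    fi
    printf '%s\n' "$path"
    return 0
}

# Demo with the path from the thread.
check_equiv "$SAMPLE_SUBS" /run/media/tbl/Backup1TB/X200 \
    || echo "conflicts with an existing equivalence rule; rewritten form printed above"
```

On a live system the rule list would come from the policy's `file_contexts.subs_dist` and `file_contexts.subs` files instead of the constructed sample.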


