On 08/19/2012 04:24 PM, Tom London wrote:
> On Tue, Aug 14, 2012 at 2:21 PM, Dominick Grift <dominick.grift@xxxxxxxxx>
> wrote:
>> You might want to check out the semanage --equiv option. (man semanage)
>>
>> That basically allows you to alias existing file context structures:
>>
>> here's an example from man semanage:
>>
>> For home directories under top level directory, for example /disk6/home,
>> execute the following commands.
>> # semanage fcontext -a -t home_root_t "/disk6"
>> # semanage fcontext -a -e /home /disk6/home
>> # restorecon -R -v /disk6
>>
>> so in your case you might want to make /data equivalent to / or
>> something
>>
>> semanage fcontext -a -e / /data
>> restorecon -R -v -F /data
>>
>> That should label /data root_t, /data/var var_t, /data/var/lib var_lib_t
>> etc.
>>
>> just as if it was your main file system.
>>
>
> So this sounds exactly what I would like to do with my LUKS encrypted USB
> back up drive.
>
> Unfortunately, I'm stumbling across the fact that the drive is
> 'automagically' mounted (when I login or power it on), and it gets mounted
> on /run/media/tbl/Backup1TB:
>
> /dev/mapper/luks-94a9d7d7-f819-4c2c-b735-81bb28db0426 on
> /run/media/tbl/Backup1TB type ext4
> (rw,nosuid,nodev,relatime,seclabel,data=ordered,uhelper=udisks2)
>
> The 'semanage -e' command spews:
>
> [root@tlondon ~]# semanage fcontext -a -e / /run/media/tbl/Backup1TB/X200
> /sbin/semanage: File spec /run/media/tbl/Backup1TB/X200 conflicts with
> equivalency rule '/run /var/run'; Try adding
> '/var/run/media/tbl/Backup1TB/X200' instead
> [root@tlondon ~]#
>
> Appears that '/var/run/media' doesn't exist on my system (I guess /run and
> /var/run are not really 'equivalent'?).
>
> Is this an issue with my system (e.g., do I need an explicit entry in fstab or
> some such)? With the scaffolding that deals with /run and /var/run? Other?
> Should this work?
>
> Thanks, tom
>

Yes, it is telling you about a double equivalence.

systemd guys have suggested that we reverse the equivalence. Since /var/run
does not really exist anymore, they suggested we move to /var/run -> /run
rather than what we currently have, /run -> /var/run. My concern with this
switch would be if users/package developers had already added file context
for /var/run.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
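
The double equivalence discussed in this thread, modelled as an added Python example; it is not semanage's own code and not part of the original messages. The `/run /var/run` rule and the drive path come from the error output quoted above; the function names, the reversed rule set and the path `/var/run/myapp` are assumptions made for illustration.

```python
# Simplified model of SELinux path equivalence; not semanage's implementation.
# Rules map an alias prefix to the path whose labeling it borrows.

def matching_rule(path, rules):
    """Return the alias of the first rule covering path, else None."""
    for alias in rules:
        if path == alias or path.startswith(alias + "/"):
            return alias
    return None

def rewrite(path, rules):
    """Return the path whose file contexts would be used to label path."""
    alias = matching_rule(path, rules)
    if alias is None:
        return path
    return (rules[alias].rstrip("/") + path[len(alias):]) or "/"

def add_equivalence(rules, original, alias):
    """Model `semanage fcontext -a -e ORIGINAL ALIAS`; reject an alias that an
    existing rule already rewrites (the double equivalence in the thread)."""
    hit = matching_rule(alias, rules)
    if hit is not None:
        raise ValueError(
            f"File spec {alias} conflicts with equivalency rule "
            f"'{hit} {rules[hit]}'; Try adding '{rewrite(alias, rules)}' instead")
    return {**rules, alias: original}

CURRENT = {"/run": "/var/run"}    # rule quoted in the error message
REVERSED = {"/var/run": "/run"}   # assumed form of the proposed reversal
DRIVE = "/run/media/tbl/Backup1TB/X200"

if __name__ == "__main__":
    try:
        add_equivalence(CURRENT, "/", DRIVE)
    except ValueError as err:
        print("current rules: ", err)
    rules = add_equivalence(REVERSED, "/", DRIVE)
    print("reversed rules:", DRIVE + "/var/lib", "->",
          rewrite(DRIVE + "/var/lib", rules))
    # Constructed path: a spec written for /var/run is now the rewritten one.
    print("reversed rules:", "/var/run/myapp", "->",
          rewrite("/var/run/myapp", rules))
```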