|
On 03/28/2014 05:48 PM, Jonathan Abbey
wrote:
If his directory is going to be a subdir of /local-home Then just doHi, folks. In our laboratory, we have an NIS / automounted NFS environment in which every NIS user gets placed under an automounted /home. For one of our users on Fedora 20, I'm attempting to give him an auxiliary local account whose home directory is mounted under /local-home/, and I'm trying to figure out how to tell SELinux that everything under /local-home should be treated analogously to how it would be treated under /home. Unfortunately, I've not yet figured out the magic incantation to do this. I found /etc/selinux/targeted/contexts/files/file_contexts.homedirs, and I was able to copy that and sed it with s/\/home/\/local-home/, after which I could then do a setfiles on my copy to set the appropriate labels on his existing /local-home/username directory, but this is obviously just temporarily curing the symptom rather than fixing the policy appropriately for local accounts going forward. I expect that there are policy editing tools that I could use to fix the policy up, for all pre-defined file contexts, but I don't know how to do that efficiently. Nor do I know how to arrange things so that third party policy modules that might be installed later (like for Google's Chrome RPM?) would inherit the new file_context rules for /local-home appropriately. Any hints would be extremely helpful. Thanks, Jon # semanage fcontext -a -e /home /local-home # restorecon -R -v /local-home If his homedir is /local-home then you need to get creative # semanage fcontext -a -e /home/foobar /local-home # restorecon -R -v /local-home Should get you the correct labels. |
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
