Re: Try II: selinux, xfs, and CentOS 6 and 5 issue

On 06/02/2015 11:30 AM, m.roth@xxxxxxxxx wrote:
> Tried just the selinux list yesterday, no answers, so I'm trying again.
>
> I partitioned GPT, and formatted, as xfs,  a large (3TB) drive on a CentOS
> 6 system, which has selinux in permissive mode. I then moved the drive to
> a CentOS 5 system. When we run a copy (it mirror-copies from another
> system), we get a ton of errors. I discovered that the CentOS 5 system was
> enforcing. I changed it to permissive, I labelled the directories and
> files w/ semanage, did a restorecon, and even did a fixfiles, and *then* I
> tried /.autorelabel and rebooted, and we still get a ton of errors:
> Jun  1 17:01:32 <server> kernel: inode_doinit_with_dentry: 
> context_to_sid(unconfined_u:object_r:file_t:s0) returned 22 for dev=sdd1
> ino=2151541032
>
> I had to reboot to disabled to get it to shut up.
>
> So: is there something that selinux does in CentOS 6 that is in the
> labelling on the xfs filesystem that I can do something about on the
> CentOS 5 system, or do I just have to leave selinux disabled (until, maybe
> in the next year, we can rebuild to 7....)?
>
>        mark
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
SELinux on RHEL5 did not have an MLS field in the label, so the directory
cannot be used by both RHEL5 and RHEL6 easily.

If all of the content on the device is going to be labeled the same,
then just use a context mount option, for example:

context="system_u:object_r:usr_t:s0"
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
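
An added example, not part of either message: a small triage script for the `context_to_sid ... returned 22` kernel lines quoted above (22 is EINVAL), grouping the rejected on-disk labels by device so you can see how much of a filesystem is affected before settling on a single `context=` mount. The sample log is constructed from the one line in the post plus made-up lines; the device `sde1` and the extra inode numbers are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the line from the post (wrapped as the archive shows it)
# followed by made-up lines for other inodes and a hypothetical second device.
SAMPLE_LOG = """\
Jun  1 17:01:32 <server> kernel: inode_doinit_with_dentry:
context_to_sid(unconfined_u:object_r:file_t:s0) returned 22 for dev=sdd1
ino=2151541032
Jun  1 17:01:32 <server> kernel: inode_doinit_with_dentry: context_to_sid(unconfined_u:object_r:file_t:s0) returned 22 for dev=sdd1 ino=2151541033
Jun  1 17:01:33 <server> kernel: inode_doinit_with_dentry: context_to_sid(unconfined_u:object_r:user_home_t:s0) returned 22 for dev=sde1 ino=77
"""

# \s+ between tokens tolerates messages that were wrapped across lines.
PATTERN = re.compile(
    r"inode_doinit_with_dentry:\s+context_to_sid\((?P<ctx>[^)\s]+)\)\s+"
    r"returned\s+(?P<rc>\d+)\s+for\s+dev=(?P<dev>\S+)\s+ino=(?P<ino>\d+)"
)

def summarize(log_text):
    """Return {dev: {context: set(inode numbers)}} for labels the kernel rejected."""
    report = defaultdict(lambda: defaultdict(set))
    for m in PATTERN.finditer(log_text):
        report[m.group("dev")][m.group("ctx")].add(int(m.group("ino")))
    return {dev: dict(ctxs) for dev, ctxs in report.items()}

def split_context(ctx):
    """Split user:role:type[:level]; the level itself may contain colons."""
    return dict(zip(("user", "role", "type", "level"), ctx.split(":", 3)))

def format_report(report):
    """One line per (device, rejected context) with the inode count."""
    lines = []
    for dev in sorted(report):
        for ctx, inodes in sorted(report[dev].items()):
            fields = split_context(ctx)
            level = fields.get("level", "(none)")
            lines.append(
                f"{dev}: {len(inodes)} inode(s) labelled {ctx} "
                f"[type={fields['type']} level={level}]"
            )
    return lines

if __name__ == "__main__":
    print("\n".join(format_report(summarize(SAMPLE_LOG))))
```
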




