Being a regular user of selinux, I often face situations where some
common directories (es: /var/log or /var/lib) needs to be redirected to
other partitions/volumes.
I very simple approach, without impacting selinux at all, is to mount a
volume in the precise path I need to replace - ie mount
/dev/vg_test/lv_lib in /var/lib. However, this is a
one-volume-for-directory approach and I would like to avoid it.
The other possibility is to create single big volume with multiple
directories, mount it, and
1) symlink the original dir (ie: /var/log) to the new one (ie:
/mnt/volume/var/log);
2) use a bind mount to re-mount the destination dir
(/mnt/volume/var/log) on the original one (/var/log).
The symlink approach is self-explaining, as anyone listing the original
directory will immediately notice it. However, it sometime require
extensive customization of the selinux policy, a thing I try hard to
avoid.
The bind mount approach is somewhat simpler from selinux standpoint, but
it much less discoverable by a simple "ls".
What do you feel is the preferred approach? I am missing something?
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
