On 25.11.2017 at 19:10, Gionatan Danti wrote:
> Being a regular user of selinux, I often face situations where some
> common directories (e.g. /var/log or /var/lib) need to be redirected
> to other partitions/volumes.
>
> A very simple approach, without impacting selinux at all, is to mount
> a volume in the precise path I need to replace - i.e. mount
> /dev/vg_test/lv_lib in /var/lib. However, this is a
> one-volume-for-directory approach and I would like to avoid it.
>
> The other possibility is to create a single big volume with multiple
> directories, mount it, and
>
> 1) symlink the original dir (i.e. /var/log) to the new one (i.e.
> /mnt/volume/var/log);
> 2) use a bind mount to re-mount the destination dir
> (/mnt/volume/var/log) on the original one (/var/log).
>
> The symlink approach is self-explaining, as anyone listing the
> original directory will immediately notice it. However, it sometimes
> requires extensive customization of the selinux policy, a thing I try
> hard to avoid.

Did you use the equivalence option of semanage fcontext for
/mnt/volume/var/log?

    semanage fcontext -a -e /home /mnt/volume/var/log

See also: https://danwalsh.livejournal.com/27571.html

- Thomas
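Added example, not part of the original message or of any project's code: a shell script that plans the equivalence rule for the directories named in the question, using each original directory (/var/log, /var/lib) as the source path, then relabels and verifies. VOLUME_ROOT, the directory list and the function names are assumptions; paths are assumed to contain no whitespace.

```shell
# Added example: plan SELinux equivalence rules for directories relocated
# onto one big volume. VOLUME_ROOT and the directory list are assumptions
# based on the paths used in the question.
VOLUME_ROOT="/mnt/volume"

# Strip trailing slashes; semanage rejects equivalence paths ending in '/'.
normalize() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}
    done
    printf '%s\n' "$p"
}

# Print the commands for one relocated directory.
# $1 = original path whose labelling rules should be reused (e.g. /var/log)
plan_equivalence() {
    orig=$(normalize "$1")
    case $orig in
        /*) ;;
        *) echo "error: '$1' is not an absolute path" >&2; return 1 ;;
    esac
    [ "$orig" != "/" ] || { echo "error: refusing to alias /" >&2; return 1; }
    new="$(normalize "$VOLUME_ROOT")$orig"
    # -e SOURCE TARGET: label the TARGET subtree as if it were SOURCE
    printf 'semanage fcontext -a -e %s %s\n' "$orig" "$new"
    # Relabel files that already exist on the volume
    printf 'restorecon -R -v %s\n' "$new"
    # Both paths should report the same default context afterwards
    printf 'matchpathcon %s %s\n' "$orig" "$new"
}

# Dry run unless the mode is --apply (which needs root).
run_plan() {
    mode=$1; shift
    for d in "$@"; do
        plan=$(plan_equivalence "$d") || return 1
        if [ "$mode" = "--apply" ]; then
            printf '%s\n' "$plan" | sh -e || return 1
        else
            printf '%s\n' "$plan"
        fi
    done
}

if [ "${1:-}" = "--apply" ]; then
    run_plan --apply /var/log /var/lib
fi
```

Calling `run_plan --dry-run /var/log /var/lib` prints the commands without executing them, so the plan can be reviewed before it touches the local file-context configuration.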