Chuck Anderson-7 wrote: > > > No, this would be bad. Fresh installs of F9 or F10 work just fine > with SELinux enabled as a desktop system, as long as you don't try to > integrate older filesystems or NFS as the OP stated. Even /home > migrates cleanly with just a simple restorecon -R /home in most cases. > > In my case I have a separate /opt partition containing a /home directory which is not touched during installs. In this case I have to link in /opt/Local/home on the /opt partition to /home on the root partition to get the user areas onto the new system. In the old days moving /home out of the way and symlinking /opt/Local/home to /home was all that was necessary to get back running for the users (apart from restoring the user lines in /etc/passwd and related files). With SElinux enabled this does not work as far as I can tell, and it is necessary to bind mount /home to /opt/Local/home - but I am not sure if then a restorecon will fix everything up? I then had to go carefully through all the directories to check contexts were right, and I do now have two F9 machines and two F10 machines running with SElinux enabled using this technique... but it depends what else is stored on the original /opt partition apart from /opt/Local/other_stuff and /opt/otherstuff ! I expect that the amount of work over the years in getting programs and data stored in such partitions is huge and many old hands will only contemplate transitioning to SElinux if that pain is minimised. I made a conscious decision to go that route and it did add a lot of hours but I am now much happier that I now have SElinux enabled machines - but it is certainly a learning curve. -- View this message in context: http://www.nabble.com/SElinux-on-upgraded-machines-tp20973024p20976784.html Sent from the Fedora Test List mailing list archive at Nabble.com. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
