Chuck Anderson-7 wrote: > > >> technique... but it depends what else is stored on the original /opt >> partition apart from /opt/Local/other_stuff and /opt/otherstuff ! > > Why? Bind mounts only graft the subtree to the new location. The > other stuff in /opt is untouched (and the original /opt/Local/home is > still there too). If you want to make non-standard stuff in /opt > work, then you will need to write policy or at least file label rules > with "semanage fcontext". > > Exactly - as an example I happen to use crossover to run the "other" office applications, and this sits in /opt/cxoffice - in order to make this work without avc denials I had to semanage fcontext to add a context of textrel_shlib_t for that directory and its subdirectories to stop particular denials. I guess that installing from scratch in the same area would create correct contexts (maybe ?) but that is 3rd party software so may not follow Fedora targeted policy? Mostly of course packages are likely to come from either Fedora repos or related repos such as RPMFusion but some people will install other packages and expect them to work also - eg video packages or other things that are installed from tarballs, or compiled. I guess if people find bugs they can post upstream and hope that problems are resolved there in that kind of situation, or is that naive? Another instance I had was to put mail spool files that I keep from local imap stored in /opt/Local/spool/mail and bind mount to /var/spool/mail and again the contexts had to be changed to mail_spool_t but I doubt if a restorecon on the raw /opt partition would set the contexts automatically before they are bind mounted onto the root partition area. Either way as you say if you know what you are doing then you can indeed work with it. One interesting statistic might be to know what percentage of Fedora systems are currently running SElinux enabled? I wonder if this information could be found? -- View this message in context: http://www.nabble.com/SElinux-on-upgraded-machines-tp20973024p20977613.html Sent from the Fedora Test List mailing list archive at Nabble.com. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
