Re: SElinux on upgraded machines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 12, 2008 at 07:15:51AM -0800, Mike Cloaked wrote:
> Exactly - as an example I happen to use crossover to run the "other" office
> applications, and this sits in /opt/cxoffice - in order to make this work
> without avc denials I had to semanage fcontext to add a context  of
> textrel_shlib_t for that directory and its subdirectories to stop particular
> denials.

You could always ask Dan Walsh to add policy for common third-party 
apps.  I don't believe he is against doing this.  File a bugzilla 
against selinux-policy or discuss on fedora-selinux-list or the 
upstream selinux list.

> Another instance I had was to put mail spool files that I keep from local
> imap stored in /opt/Local/spool/mail and bind mount to /var/spool/mail and
> again the contexts had to be changed to mail_spool_t but I doubt if a
> restorecon on the raw /opt partition would set the contexts automatically
> before they are bind mounted onto the root partition area.

No, you would restorecon /var/spool/mail, not /opt/Local/spool/mail.

> Either way as you say if you know what you are doing then you can indeed
> work with it. One interesting statistic might be to know what percentage of
> Fedora systems are currently running SElinux enabled?
> 
> I wonder if this information could be found?  

Does smolt have this?

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux