On Fri, Dec 12, 2008 at 07:15:51AM -0800, Mike Cloaked wrote: > Exactly - as an example I happen to use crossover to run the "other" office > applications, and this sits in /opt/cxoffice - in order to make this work > without avc denials I had to semanage fcontext to add a context of > textrel_shlib_t for that directory and its subdirectories to stop particular > denials. You could always ask Dan Walsh to add policy for common third-party apps. I don't believe he is against doing this. File a bugzilla against selinux-policy or discuss on fedora-selinux-list or the upstream selinux list. > Another instance I had was to put mail spool files that I keep from local > imap stored in /opt/Local/spool/mail and bind mount to /var/spool/mail and > again the contexts had to be changed to mail_spool_t but I doubt if a > restorecon on the raw /opt partition would set the contexts automatically > before they are bind mounted onto the root partition area. No, you would restorecon /var/spool/mail, not /opt/Local/spool/mail. > Either way as you say if you know what you are doing then you can indeed > work with it. One interesting statistic might be to know what percentage of > Fedora systems are currently running SElinux enabled? > > I wonder if this information could be found? Does smolt have this? -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
