On my system I have home directories in /var/home and bind mounted to /home:
/var/home on /home type none (rw,bind)
Is there any way to prevent restorecon on /var from descending into /var/home and destroying the normal home directory file contexts? Reproducing all of file_contexts.homedirs in local policy is of course unmaintainable.
On Wed, 30 Dec 2009 18:52:02 -0600 Robert Nichols rnicholsNOSPAM@comcast.net wrote:
> On my system I have home directories in /var/home and bind mounted to /home:
> /var/home on /home type none (rw,bind)
> Is there any way to prevent restorecon on /var from descending into /var/home and destroying the normal home directory file contexts? Reproducing all of file_contexts.homedirs in local policy is of course unmaintainable.
You can make the file contexts for /var/home match those for /home very easily on F-11 onwards:
# semanage fcontext -a -e /home /var/home
See http://danwalsh.livejournal.com/2009/04/09/ for Dan's blog on file context equivalency.
On a slightly related issue, I note that current selinux-policy packages do a restorecon on the contents of /var/lib, which on my mock buildsystem is *huge* (all buildroots live under /var/lib/mock) and takes a very long time indeed. I wonder what the problem is that this behaviour is trying to solve?
Paul.
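Added illustration, not part of any poster's message: a simplified Python model of the lookup that the equivalence rule above changes, in which `semanage fcontext -a -e /home /var/home` records the pair `/var/home /home` in the policy's file_contexts.subs and the path prefix is rewritten before the file_contexts regexes are matched. The context entries are a constructed sample modelled on the targeted policy, and "last full match wins" is a simplification of libselinux's ordering.

```python
import re

# Constructed sample entries modelled on the targeted policy's file_contexts,
# ordered general to specific; file-type qualifiers (-d, -l) are omitted.
FILE_CONTEXTS = [
    (r"/.*", "default_t"),
    (r"/var(/.*)?", "var_t"),
    (r"/var/lib(/.*)?", "var_lib_t"),
    (r"/home", "home_root_t"),
    (r"/home/[^/]+", "user_home_dir_t"),
    (r"/home/[^/]+/.+", "user_home_t"),
    (r"/home/[^/]+/\.ssh(/.*)?", "ssh_home_t"),
]

def parse_subs(text):
    """Parse file_contexts.subs lines: '<alias> <path whose labels to use>'."""
    subs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            alias, target = line.split()
            subs.append((alias.rstrip("/"), target.rstrip("/")))
    return subs

def substitute(path, subs):
    """Rewrite the first alias that matches on a whole path component."""
    for alias, target in subs:
        if path == alias or path.startswith(alias + "/"):
            return target + path[len(alias):]
    return path

def lookup(path, subs=()):
    """Return the type this model assigns: last full match wins (simplified)."""
    path = substitute(path, subs)
    label = None
    for pattern, ftype in FILE_CONTEXTS:
        if re.fullmatch(pattern, path):
            label = ftype
    return label

# Constructed copy of what the equivalence rule records.
SUBS = parse_subs("/var/home /home\n")

if __name__ == "__main__":
    for p in ("/var/home", "/var/home/alice", "/var/home/alice/.ssh/id_rsa",
              "/var/homework/x", "/var/lib/mock/root"):
        print(f"{p:30} {lookup(p):10} -> {lookup(p, SUBS)}")
```

On a real system, `restorecon -n -v -R /var/home` reports what would be relabelled without changing anything, which is a quick way to confirm the rule took effect.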
Paul Howarth wrote:
> On Wed, 30 Dec 2009 18:52:02 -0600 Robert Nichols rnicholsNOSPAM@comcast.net wrote:
> > On my system I have home directories in /var/home and bind mounted to /home:
> > /var/home on /home type none (rw,bind)
> > Is there any way to prevent restorecon on /var from descending into /var/home and destroying the normal home directory file contexts? Reproducing all of file_contexts.homedirs in local policy is of course unmaintainable.
> You can make the file contexts for /var/home match those for /home very easily on F-11 onwards:
> # semanage fcontext -a -e /home /var/home
> See http://danwalsh.livejournal.com/2009/04/09/ for Dan's blog on file context equivalency.
TYVM. Perhaps someday the manpage for semanage will include some mention of that "-e" flag.
On 12/31/2009 12:18 PM, Robert Nichols wrote:
> Paul Howarth wrote:
> > On Wed, 30 Dec 2009 18:52:02 -0600 Robert Nichols rnicholsNOSPAM@comcast.net wrote:
> > > On my system I have home directories in /var/home and bind mounted to /home:
> > > /var/home on /home type none (rw,bind)
> > > Is there any way to prevent restorecon on /var from descending into /var/home and destroying the normal home directory file contexts? Reproducing all of file_contexts.homedirs in local policy is of course unmaintainable.
> > You can make the file contexts for /var/home match those for /home very easily on F-11 onwards:
> > # semanage fcontext -a -e /home /var/home
> > See http://danwalsh.livejournal.com/2009/04/09/ for Dan's blog on file context equivalency.
> TYVM. Perhaps someday the manpage for semanage will include some mention of that "-e" flag.
Open a bugzilla please.
Daniel J Walsh wrote:
> On 12/31/2009 12:18 PM, Robert Nichols wrote:
> > Paul Howarth wrote:
> > > [SNIP]
> > > You can make the file contexts for /var/home match those for /home very easily on F-11 onwards:
> > > # semanage fcontext -a -e /home /var/home
> > > See http://danwalsh.livejournal.com/2009/04/09/ for Dan's blog on file context equivalency.
> > TYVM. Perhaps someday the manpage for semanage will include some mention of that "-e" flag.
> Open a bugzilla please.
Finally got a round tuit. https://bugzilla.redhat.com/show_bug.cgi?id=553469
selinux@lists.fedoraproject.org