Re: selinux & external hd permissions.

[Justin Conover <justin conover gmail com>]

On 6/11/05, Valdis Kletnieks vt edu <Valdis Kletnieks vt edu> wrote:
> On Sat, 11 Jun 2005 11:28:20 CDT, Justin Conover said:
> 
> > Question is, if that server is running SELinux on CentOS 4.0 and I
> > back stuff up to that exteranl drive, will other box's be able to read
> > that exteranl drive?  In the chance that hardware fails and I need to
> > be able to look at that data on another box?
> 
> SELinux will enter into it very little.  Just make sure that the drive is using
> a file system the other box has support for.  A bigger issue will be "does
> the other box have support for your file system?".  Using reiserfs may be
> a problem if the other box doesn't have it, and even ext3 will be.. interesting..
> if the other box is a Windows box (in which case you're probably better off
> just making the FS fat32 and mounting it on your SELinux box with fscontext=)
> 
> Please note that if the other box *writes* to the file system, you'll probably
> need to run 'restorecon' on it when you mount it back on the SELinux-bsed box
> before things will really work right, and you are the mercy of the other box'es
> security while it's mounted there.
> 
> If you trust the other box to not leave a Trojan on the file system, the quick
> answer is "go for it, and restorecon when it comes back".  If you don't trust
> the other box, then it gets a lot more interesting....
> 
The Server is CentOS 4.0 with ext3 and SELinux enabled, all my other
box's are Fedora/rawhide using selinux.  My wife has two windows box's
and the only reason I would connect it to her's is if there was some
kind of problem haveing another selinux box read the fs, so thats why
I thought maybe it would be best to just put fat32 on there.  If the
other selinux box's can read it then I wont worry about it.  Also the
only reason I would mv the exteranl drive off my server is if there
was a hardware failure in the server and had to recover the data.