[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux-policy-3.5.13-46.fc10.noarch - slight hiccup!





Daniel J Walsh wrote:
> 
> 
> Yes if you bind mount a usr_t directory without telling the system about
> it, it could cause labeling problems.
> 
> For example, if you store your homedirs in /usr/myhome/dwalsh and bind
> mount this over /home/dwalsh.  SELinux will label the directory usr_t
> since /usr/myhome/dwalsh defaults to a usr_t label.  If you bind mount
> it over /home/dwalsh and run restorecon on /home/dwalsh it will label it
> properly.  But depending on which directory have restorecon run on it
> you can get different results.  Usually we only have small relabels that
> happen on policy upgrades, so it probably never hit this directory.  But
> this update seems to have triggered a larger relabel something like
> 
> restorecon -R -v /usr
> 
> 
> So the problem in SELinux is we do not have an easy way to say
> /usr/myhome == /home
> or /usr/myhome/dwalsh == /home/dwalsh
> 
> 

OK - in my case it is different on different machines - in one case for
example I have /opt/Local/home bind mounted over /home as well as
/opt/Local/mail bind mounted over /var/spool/mail - and this is very common
for me so that the user areas and mail spools are not over-written during a
clean install at the next version of Fedora - so this issue is of major
importance to me.

On another system /home/opt is bind mounted over /opt as well as an
analogous mail bind mount.

In all cases the contexts had been set for the directories soon after F10
was installed and the system was seeing these correct contexts in the bind
mounted directories ever since until last night.  The update then broke the
contexts for these directories until a manual restorecon, which is how I
understand your comments above? 


-- 
View this message in context: http://www.nabble.com/selinux-policy-3.5.13-46.fc10.noarch---slight-hiccup%21-tp22296524p22310595.html
Sent from the Fedora List mailing list archive at Nabble.com.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]