SELinux on upgraded machines

Chuck Anderson cra at WPI.EDU
Fri Dec 12 15:43:57 UTC 2008


On Fri, Dec 12, 2008 at 07:15:51AM -0800, Mike Cloaked wrote:
> Exactly - as an example I happen to use crossover to run the "other" office
> applications, and this sits in /opt/cxoffice - in order to make this work
> without AVC denials I had to semanage fcontext to add a context of
> textrel_shlib_t for that directory and its subdirectories to stop particular
> denials.

You could always ask Dan Walsh to add policy for common third-party 
apps.  I don't believe he is against doing this.  File a bugzilla 
against selinux-policy or discuss on fedora-selinux-list or the 
upstream selinux list.

> Another instance I had was to put mail spool files that I keep from local
> imap stored in /opt/Local/spool/mail and bind mount to /var/spool/mail and
> again the contexts had to be changed to mail_spool_t but I doubt if a
> restorecon on the raw /opt partition would set the contexts automatically
> before they are bind mounted onto the root partition area.

No, you would restorecon /var/spool/mail, not /opt/Local/spool/mail.

> Either way as you say if you know what you are doing then you can indeed
> work with it. One interesting statistic might be to know what percentage of
> Fedora systems are currently running SELinux enabled?
> 
> I wonder if this information could be found?  

Does smolt have this?
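
An added illustration, not part of the original message, of the restorecon point above: file contexts are looked up by path name, so a bind-mounted file matches different rules under its two names. The rule table is constructed sample data, and the longest-literal-prefix match is a simplified stand-in for libselinux's real rule ordering.

```python
import re

# Constructed sample rules in file_contexts form (path regex -> SELinux type).
# The first three are modelled on common policy entries; the cxoffice rule is
# the local "semanage fcontext" addition described in the quoted message.
RULES = [
    (r"/opt(/.*)?", "usr_t"),
    (r"/var/spool(/.*)?", "var_spool_t"),
    (r"/var/spool/mail(/.*)?", "mail_spool_t"),
    (r"/opt/cxoffice(/.*)?", "textrel_shlib_t"),
]

# Characters that end the literal "stem" of a file_contexts pattern.
META = re.compile(r"[.^$?*+|\[\](){}\\]")


def stem_len(pattern):
    """Length of the literal prefix before the first regex metacharacter."""
    m = META.search(pattern)
    return m.start() if m else len(pattern)


def lookup(path, rules=RULES):
    """Type of the most specific rule that matches the whole path.

    Simplification (assumption): "most specific" means longest literal stem.
    Returns None when no rule matches.
    """
    hits = [(stem_len(p), t) for p, t in rules if re.fullmatch(p, path)]
    return max(hits)[1] if hits else None


def bind_mount_labels(source, target, relpath=""):
    """Types a path-based relabel would pick for one file under both names."""
    return lookup(source + relpath), lookup(target + relpath)


if __name__ == "__main__":
    src, dst = "/opt/Local/spool/mail", "/var/spool/mail"
    print(bind_mount_labels(src, dst, "/alice"))    # same inode, two names
    print(lookup("/opt/cxoffice/lib/wine/x.so"))    # local rule beats /opt
```

On a real system, `matchpathcon <path>` reports the context the loaded policy assigns to a given path name.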



