the labeling procedure

Stephen Smalley sds at tycho.nsa.gov
Mon Jun 27 17:58:20 UTC 2005


On Mon, 2005-06-27 at 13:35 -0400, Steve Brueckner wrote:
> Actually I am developing here.  My problem is that I have a huge chroot
> directory (basically a full duplicate of the whole system) and I want to get
> everything in there labeled as if it was outside chroot.  To do this I
> duplicated file_contexts/types.fc and used sed to prepend the chroot
> directory to every line.  It seems to work pretty well, but I'm still having
> trouble getting the user home directories inside chroot labeled properly.
> The homedirs macros and files are apparently throwing me.
> 
> I'd appreciate any suggestions on a better way to label the chroot
> filesystem.  And any ideas on how to get those chrooted homedirs labeled
> correctly.

If you want to apply the same contexts, you can use setfiles -r.
But note that there can be an advantage to using separate types on the
chroot'd environment, and then not allowing any access by that process'
domain to the base types used on the real filesystem.

Any chance you can update to FC4?

-- 
Stephen Smalley
National Security Agency
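
A simplified model of what `setfiles -r` does with the spec file, added here as an illustration (it is not code from this thread or from setfiles itself): the root path is stripped from each pathname before it is matched against the unmodified file_contexts entries, so no sed-rewritten copy is needed. The chroot path `/srv/jail`, the user name and the sample specs are constructed, and the file type field is ignored.

```python
import re

# Constructed sample specs in file_contexts form: regex [file-type] context.
# The type names and the chroot path used below are illustrative.
SAMPLE_FILE_CONTEXTS = """\
/.*                   system_u:object_r:default_t
/etc(/.*)?            system_u:object_r:etc_t
/etc/shadow     --    system_u:object_r:shadow_t
/home/[^/]+/.+        user_u:object_r:user_home_t
"""

def parse_specs(text):
    """Return (compiled_regex, context) pairs in file order."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # First field is the path regex, last is the context; an optional
        # middle field (e.g. "--" for regular files) is ignored in this model.
        specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def lookup(specs, path):
    """Match the whole path against each spec; the last match wins."""
    context = None
    for regex, ctx in specs:
        if regex.fullmatch(path):
            context = ctx
    return context

def lookup_under_root(specs, rootpath, path):
    """Model of -r: drop the root prefix, then match as if rooted at /."""
    root = rootpath.rstrip("/")
    if path == root:
        return lookup(specs, "/")
    if not path.startswith(root + "/"):
        raise ValueError(f"{path} is not under {rootpath}")
    return lookup(specs, path[len(root):])

if __name__ == "__main__":
    specs = parse_specs(SAMPLE_FILE_CONTEXTS)
    for p in ("/srv/jail/etc/shadow", "/srv/jail/home/alice/.bashrc"):
        # Without -r the unmodified specs only hit the catch-all entry.
        print(p, lookup(specs, p), lookup_under_root(specs, "/srv/jail", p))
```

The corresponding invocation has the form `setfiles -r <chroot_dir> <spec_file> <chroot_dir>`, with the original, unprefixed spec file.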



