What is the proper context for .strigi?
Stephen Smalley
sds at tycho.nsa.gov
Mon Jun 16 16:18:44 UTC 2008
On Mon, 2008-06-16 at 16:51 +0100, Paul Howarth wrote:
> Daniel B. Thurman wrote:
> > I have run into a problem of limted space for .strigi
> > which was located in my home directory, so I decided
> > to move ~/.strigi to another partition with ample space
> > and created a symbolic link from ~/.strigi to the new
> > location on a different partition.
> >
> > Selinux is reporting:
> > SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to
> > <Unknown> (unconfined_t).
> >
> > So, what is the proper context for .strigi and all of the files/directories
> > contained within?
>
> You'll find that bind mounts work much better than symlinks from an
> SELinux point of view.
>
> This reminds me to ask though, where is homedir_template as used by
> genhomedircon now? I can't find it in Fedora 9 and anything I've tried
> editing that looks like it might be it gets overwritten when I run
> genhomedircon.
genhomedircon functionality was taken into libsemanage in order to
address various problems with the external implementation, and
homedir_template is generated (from template entries in the .fc files)
and used within the module sandbox, not made externally accessible.
/usr/sbin/genhomedircon is now just a script that invokes semodule -Bn
to regenerate the policy.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list