SELinux concerning symlink?

Stuart Sears stuart at sjsears.com
Thu Jul 24 23:11:27 UTC 2008


Mike wrote:
> Craig White <craigwhite <at> azapple.com> writes:
> 
>> No - you really need a better solution because if anything/anyone 
>> relabels, the current policy will trash those settings.
>> 
>> Personally, I think you should probably mount what is /opt as /home
>> and that would fix most issues.
> 
> It would - but that would mean quite a bit of work - for next time
> round (F10) I may then need to re-partition to give separate /home
> and /opt partitions and then rsync files into them from backups.

You only have to get that right once, though, as you can preserve
existing partitions during the install if you wish.
I've done that a lot over time. There can be occasional issues with
GNOME (etc) but other than that, it often works just fine.

> Doing this adds a lot to the upgrade process over a reasonable number
> of machines.

hmmm... kickstart?
centrally stored homedirs and user mappings?
centrally stored mail?

> Also I will be doing another change which looks like it will cause
> SELinux issues since I move imap mail from the root partition into
> /opt so that on upgrade I still have all past mail available.

> Upgrading is a lot easier if /var/spool/mail can be moved out of the
> root partition and stored elsewhere.

It almost certainly can. It can be a separate filesystem if you wish.

If you insist on putting such things in /opt, just make sure you label
the directories/files correctly.

To be certain you do, examine the labels on a normal mailspool with ls -Z.

Here:

ls -Za /var/spool/mail

drwxrwxr-x  root mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x  root root system_u:object_r:var_spool_t:s0 ..
-rw-rw----  rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----  USER mail system_u:object_r:mail_spool_t:s0 USER

Just make sure those labels match where you want to store your mail and
you may be able to symlink that as well. But do think about the labels 
on parent directories in the path to your mailspools.

cp -a /var/spool/mail /opt/local/

Will probably do the move for you.

Stuart
-- 
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
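
The label check described in the message above, as an added example that is not part of the original post: it reads `ls -Z` output and reports entries whose SELinux type is not the expected one. The listings are constructed samples, the `/opt/local/mail` path is taken from the `cp -a` command in the message, and `usr_t` as the type a relabel would apply under /opt is an assumption.

```bash
#!/bin/bash
# Added example (not from the original post): audit the SELinux type of every
# entry in `ls -Z` output against the type expected for a mail spool.

# Read `ls -Z` output on stdin and print each entry whose type differs from $1.
# Returns 0 when every entry matches, 1 otherwise. The ".." entry is skipped:
# it is the parent directory and normally carries another type.
# File names containing spaces are not handled.
audit_labels() {
    awk -v want="$1" '
        {
            type = ""
            # The context is the first field with at least 4 colon-separated
            # parts (user:role:type:level), in old or new ls -Z layouts.
            for (i = 1; i <= NF; i++)
                if (split($i, c, ":") >= 4) { type = c[3]; break }
            if (type == "" || $NF == "..") next
            if (type != want) {
                print $NF ": " type " (expected " want ")"
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample: a correctly labelled spool, in the layout shown above.
GOOD_LISTING='drwxrwxr-x  root mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x  root root system_u:object_r:var_spool_t:s0 ..
-rw-rw----  USER mail system_u:object_r:mail_spool_t:s0 USER'

# Constructed sample: /opt/local/mail after a relabel reset it to the default
# type for files under /opt (usr_t is assumed here).
RELABELED_LISTING='drwxrwxr-x  root mail system_u:object_r:usr_t:s0 .
drwxr-xr-x  root root system_u:object_r:usr_t:s0 ..
-rw-rw----  USER mail system_u:object_r:usr_t:s0 USER'

if ! printf '%s\n' "$RELABELED_LISTING" | audit_labels mail_spool_t; then
    echo "mislabelled entries found"
fi

# On a live system: ls -Za /opt/local/mail | audit_labels mail_spool_t
# To make the type survive a relabel, add a local file-context rule and apply
# it (as root):
#   semanage fcontext -a -t mail_spool_t '/opt/local/mail(/.*)?'
#   restorecon -Rv /opt/local/mail
```

The `semanage fcontext` rule addresses the relabel concern quoted at the top of the message: a type set only by copying is replaced the next time the filesystem is relabelled, while a local file-context rule is what the relabel applies.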



