SELinux - a question about external drive after upgrade
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 3 17:07:12 UTC 2008
Mike wrote:
> Daniel J Walsh <dwalsh <at> redhat.com> writes:
>
>> If you mount with a "context=" flag no context will get placed on the disk.
>>
>> You may/probably do not want the files on this backup to have the
>> labels, and often are better off calling restorecon when placing them
>> back on disk. If you have different policies on different machines, the
>> layout of file context maybe different and in some cases the types on
>> one machine might not be understood on another.
>>
>> By placing the files back on a machine and running restorecon, you are
>> saying that you want the files labeled according to the policy of the
>> current machine.
>
> Thanks Dan - generally true although I have modified some contexts without
> having an associated policy so some of the individual files would need to
> then be amended after a restorecon... which was why I thought that the
> way to go was to backup with exactly the contexts from the originating
> machine with the intention that the files from backup would only ever
> be used on the originating machine in the event of lost files or
> some other catastrophe.
>
> Would that be appropriate in this case?
>
Yes that should work
> Your help is appreciated on this.
>
>
>
>
You can change the labeling with semanage fcontext of course to make
restorecon do the right thing.
More information about the fedora-list
mailing list