SELinux - a question about external drive after upgrade
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 3 15:55:41 UTC 2008
Mike wrote:
> Daniel J Walsh <dwalsh <at> redhat.com> writes:
>
>> You can easily lay context down by running restorecon on the USB drive
>> at the mountpoint. Or just set it up to mount the disk with a countext.
>> Something like system_u:object_r:removable_t:s0.
>
> Thanks Dan - I will have to try this out once I have upgraded the main desktop
> to F9 with SELinux.
>
> I presume that using "rsync -aXH" from a laptop on the LAN and targetting
> the mountpoint on the desktop where the external usb drive is attached
> will then preserve contexts on the usb drive for the backup?
>
> At least this looks like it should work once I have the external drive
> mounted with the appropriate context...
>
> One other question I don't know the answer to is whether once this has
> been done - if the USB drive is then attached to a different machine that is
> running with SELinux disabled if that would cause problems or if the contexts
> would simply be ignored?
It should be ignored.
>
> The scenario would be that the drive is taken to another machine to restore
> files but that machine is SELinux disabled.
>
> I guess I still have plenty to learn about SELinux!
>
>
>
>
If you are going to be moving this disk back and forth between selinux
enabled and disabled machines, and the files back and forth on the disk,
you really should use a context mount on the SELinux platform to ignore
labels on the disk.
More information about the fedora-list
mailing list