SELinux - a question about external drive after upgrade

Mike mike.cloaked at gmail.com
Fri Oct 3 16:10:34 UTC 2008


Daniel J Walsh <dwalsh <at> redhat.com> writes:

> If you are going to be moving this disk back and forth between selinux
> enabled and disabled machines, and the files back and forth on the disk,
> you really should use a context mount on the SELinux platform to ignore
> labels on the disk.

I hope not to do so but could envisage a need very occasionally.

The other thing I note is that reading "man mount" gives options
context, fscontext and defcontext - on the first time I do this I am 
unclear as to whether a fsmount with the appropriate context would then
set up the existing filesystem with the new context, and then using
rsync -aXH from another machine on the LAN to re-write the files on the
drive attached to the desktop would then correctly assign the backup files
with the same contexts as on the source laptop?

That way presumably only the filesystem would have contexts until individual
files were overwritten during the rsync backup? Using restorecon before this
would presumably then write contexts into all files on the backup drive, 
which I usually have in a number of different directories to house backups
from a number of different machines.

It would be nice to understand enough so that I have a chance to get it right
once I do this for real after upgrading the main machine.

The other question I am unsure about is once the external drive has been
correctly mounted and a context assigned, and a set of backup files written
with contexts - then the next time I plug in the drive would it be mounted
automatically with the contexts visible - or would I have to mount it
"manually" with the appropriate context options?




More information about the fedora-list mailing list