FC1 compatibility - was [Bug 119719] New: SELinux FAQ - SELinux FAQ - suggested questions on FC1 compatability

Daniel J Walsh dwalsh at redhat.com
Thu Apr 1 21:28:02 UTC 2004 

Karsten Wade wrote:

>-----Forwarded Message-----
>
>  
>
>>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119719
>>
>> 
>>Here are two questions likely to be frequently asked, missing from the
>>FAQ.  They belong right after "Q: I installed Fedora Core on a system
>>with an existing /home partition, and now I can't log in."
>>    
>>
>
>Thanks, good questions.
>
>Just because I'm brave, I'm going to start answers to these questions,
>but am hoping others will soon chime in and help with the final answers
>for the FAQ.  Please!
> 
>  
>
>>Q: If I relabel my existing /home partition after upgrading to FC2,
>>will I still be able to read it if I need to revert to FC1? (In other
>>words, am I burning my bridges when I run setfiles or fixfiles?)
>>    
>>
Newly created files will not have a context and if you remove an 
recreate a file it will not have a context.

>  
>You (should?) be able to read the files from an FC1 system, but if the
>FC1 system does not have SELinux installed or enabled, any writes it
>does to that partition will be without file context.  (Would this
>include changing timestamps?  What about writing to existing files which
>do have file contexts?)
>
>  
>
You can read the files on the fc1 system.  

Just newly created files.

>>Q: Can an NFS-mountable /home partition be shared by FC1 and FC2
>>installations?
>>    
>>
>
>Yes.  You can mount a non-SELinux partition with the context= option,
>e.g.:
>  
>
You can nfs mount off of a SELinux file system onto a non SELinux file 
system.  You can
also nfs mount a non SELinux file system on a SELinux machine.  By 
default all files are treated
as nfs_t context.  You can choose to override the default context by 
using the context option

>mount -t nfs -o context=system_u:object_r:tmp_t server:/some/path /mnt/wherever
>
>All of the files on the mount will appear to have the context
>system_u:object_r:tmp_t to SELinux.
>
>Any files written by a non-SELinux system will not have file contexts,
>and the contexts of existing files are affected how?
>
>  
>
Not true.  When SELinux exports the file system the files will end up 
with the default context of the \
directory they were created in.  The remote system has no effect on the 
file contexts.

>thx - Karsten
>  
>

More information about the fedora-selinux-list mailing list