FC5: what context should I use for extra ext3 filesystems?

Daniel J Walsh dwalsh at redhat.com
Fri Apr 14 17:26:31 UTC 2006


Mike Carney wrote:
> Daniel J Walsh wrote:
>
>   
>> Mike Carney wrote:
>>     
>>> Greetings,
>>>
>>> I've got a couple of extra filesystems I use for various reasons which
>>> currently have a default_t context. I mount them under a new directory
>>> "/export", which I've set to mnt_t:
>>>
>>> /dev/sda9 on /export/0 type ext3 (rw)
>>> /dev/sdb9 on /export/1 type ext3 (rw)
>>> /dev/sdb10 on /export/2 type ext3 (rw)
>>>
>>> 203# ls -dZ /export /export/*
>>> drwxr-xr-x  root     root     system_u:object_r:mnt_t          /export/
>>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/0/
>>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/1/
>>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/2/
>>> 204#
>>>
>>> Any guidance as to what context should I set these file system mount
>>> points to? mnt_t? usr_t? How do I specify using semanage that I don't
>>> want the relabel to propagate to subdirectories? (e.g., <<none>>).
>>>   
>>>       
>> Depends on what you want to do with them.  You can leave them as
>> default_t, if you do not want a confined domain
>> to touch them.  If you need some confined domains to touch them you will
>> need to set context appropriately.
>>     
>>> Thanks in advance,
>>>       
>
> Hi Dan, thanks for the response. Right now I simply want to set the
> contexts for the /export and the mount directories within that directory
> (/export/{0,1,2}) without having that context propagate to
> subdirectories simply to make hald happy. Later, when I've learned more
> about SELinux, I'll make other adjustments.
>   
OK, let's fix hal then.  What is it complaining about?
> So, some guidance as to what context those directories should be
> (mnt_t or usr_t) and the proper incantation to get semanage to accept
> "<<none>>" as the "no relabel" token.
>
> Thanks!
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>   
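
As an added illustration (not part of the original thread and not SELinux's own code), this Python model shows how anchored file-context patterns keep a label on /export and its mount points from propagating, and what a `<<none>>` entry changes for the files below them. The rule set, the function names and the simplified "last matching rule wins" ordering are assumptions made for the example.

```python
import re

# Constructed rules in file_contexts order: (path regex, SELinux type).
# "<<none>>" means "leave whatever label the file already has".
RULES = [
    ("/.*", "default_t"),               # catch-all fallback
    ("/export(/[0-9]+)?", "mnt_t"),     # /export and the mount points only
    ("/export/[0-9]+/.+", "<<none>>"),  # everything below a mount point
]


def lookup(path, rules=RULES):
    """Return the type of the last rule whose regex matches the whole path.

    Assumption: patterns are anchored at both ends and later rules override
    earlier ones; the real matcher's ordering is more involved.
    """
    if len(path) > 1:
        path = path.rstrip("/")  # ls -dZ above prints a trailing slash
    result = None
    for pattern, setype in rules:
        if re.fullmatch(pattern, path):
            result = setype
    return result


def relabel(path, current, rules=RULES):
    """Type a restorecon-style relabel would leave on `path`."""
    wanted = lookup(path, rules)
    if wanted is None or wanted == "<<none>>":
        return current  # no rule, or an explicit "do not relabel"
    return wanted


if __name__ == "__main__":
    # Constructed sample: the paths from the thread plus one file below a mount.
    samples = [
        ("/export/", "mnt_t"),
        ("/export/0/", "default_t"),
        ("/export/1/", "default_t"),
        ("/export/0/home/data", "user_home_t"),
    ]
    for path, current in samples:
        print(f"{path:24} {current:12} -> {relabel(path, current)}")
```

Without the third rule, a recursive relabel of /export/0 would fall back to the catch-all and reset the contents to default_t; the mount points themselves get mnt_t either way because the second pattern cannot match anything deeper.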
