FC5: what context should I use for extra ext3 filesystems?

Mike Carney mc-al34luc at sbcglobal.net
Fri Apr 14 15:00:45 UTC 2006


Daniel J Walsh wrote:

> Mike Carney wrote:
>> Greetings,
>>
>> I've got a couple of extra filesystems I use for various reasons which
>> currently have a default_t context. I mount them under a new directory
>> "/export", which I've set to mnt_t:
>>
>> /dev/sda9 on /export/0 type ext3 (rw)
>> /dev/sdb9 on /export/1 type ext3 (rw)
>> /dev/sdb10 on /export/2 type ext3 (rw)
>>
>> 203# ls -dZ /export /export/*
>> drwxr-xr-x  root     root     system_u:object_r:mnt_t          /export/
>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/0/
>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/1/
>> drwxr-xr-x  root     root     system_u:object_r:default_t      /export/2/
>> 204#
>>
>> Any guidance as to what context I should set these file system mount
>> points to? mnt_t? usr_t? How do I specify using semanage that I don't
>> want the relabel to propagate to subdirectories? (e.g., <<none>>).
>>   
> Depends on what you want to do with them.  You can leave them as
> default_t, if you do not want a confined domain
> to touch them.  If you need some confined domains to touch them you will
> need to set context appropriately.
>> Thanks in advance,

Hi Dan, thanks for the response. Right now I simply want to set the
contexts for the /export and the mount directories within that directory
(/export/{0,1,2}) without having that context propagate to
subdirectories simply to make hald happy. Later, when I've learned more
about SELinux, I'll make other adjustments.

So, some guidance as to what context those directories should be
(mnt_t or usr_t) and the proper incantation to get semanage to accept
"<<none>>" as the "no relabel" token.

Thanks!




