autorelabel and changed security contexts

Daniel J Walsh dwalsh at redhat.com
Wed Mar 29 21:14:57 UTC 2006


Florin Andrei wrote:
> I've a FC4 server that's slightly customized:
> - /var/lib/imap and /var/spool/imap are moved to /home/cyrus (and /home
> is a separate partition)
> - /var/spool/squid is moved to another place (separate partition)
> - /var/lib/mysql is moved to another place (separate partition)
> - /var/log is on its own partition
>
> I customized the policy so that Cyrus IMAPd can access /home/cyrus
> properly. But then I did "touch /.autorelabel; reboot" and Cyrus broke
> completely. Upon investigation, I noticed that the security contexts of
> the Cyrus folders in /home/cyrus were altered, from e.g.
> system_u:object_r:cyrus_var_lib_t to... I forgot to what - something
> else anyway.
>
> Questions:
>
> Why does autorelabel change the security contexts?
>
> How can I tell autorelabel to leave alone /home/cyrus (or give it the
> security contexts that I want those files to have)?
>   
You need to modify file_context.local to match the context you want.
> I am asking these questions because I want to upgrade the server to FC5,
> keep the partitioning scheme, but avoid the multiple and annoying
> SELinux issues I had when I installed FC4 on that machine.
>
> So I guess the questions are at the same time for FC4 and FC5.
>
>   
In fc5 you can use semanage to make these changes.
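
Added example, not part of either poster's message: a simplified shell model of why a relabel resets a relocated tree and how a local file-context entry changes the outcome. The base-policy entries and the sample file path are constructed for illustration; the model assumes the last matching spec wins and that local entries are read after the base policy, and it assumes the whole of /home/cyrus should carry cyrus_var_lib_t.

```shell
#!/bin/sh
# Simplified model of a relabel: each path is matched against the
# file-context specs and the last matching spec wins. Real libselinux also
# sorts specs and honours file-type fields; this sketch ignores both.

# Constructed base-policy entries (illustrative, not copied from FC4 policy).
BASE_SPECS='/var/lib/imap(/.*)? system_u:object_r:cyrus_var_lib_t
/home/[^/]+ system_u:object_r:user_home_dir_t
/home/[^/]+/.+ system_u:object_r:user_home_t'

# Local override for the relocated tree (assumption: one type for all of it).
# With semanage, as mentioned for FC5, the equivalent would be:
#   semanage fcontext -a -t cyrus_var_lib_t '/home/cyrus(/.*)?'
#   restorecon -R -v /home/cyrus
LOCAL_SPECS='/home/cyrus(/.*)? system_u:object_r:cyrus_var_lib_t'

# Base policy first, local entries last, so local entries take precedence.
ALL_SPECS="$BASE_SPECS
$LOCAL_SPECS"

# lookup_context PATH SPECS: print the context of the last spec whose
# regex matches the whole path, or <<none>> if nothing matches.
lookup_context() {
    path=$1 specs=$2 result='<<none>>'
    while read -r regex context; do
        [ -n "$regex" ] || continue
        if printf '%s\n' "$path" | grep -Eqx -- "$regex"; then
            result=$context
        fi
    done <<EOF
$specs
EOF
    printf '%s\n' "$result"
}

# Constructed sample path under the relocated directory.
sample=/home/cyrus/lib/mailboxes.db
echo "base policy only : $(lookup_context "$sample" "$BASE_SPECS")"
echo "with local entry : $(lookup_context "$sample" "$ALL_SPECS")"
```

On a real system, `matchpathcon /home/cyrus` shows which context the loaded file-context configuration would assign before any relabel is triggered.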



