Partitions Mounted by fstab
Arthur Dent
selinux.list at troodos.demon.co.uk
Wed Mar 5 15:16:18 UTC 2008
Hello Chaps,
I'm running SELinux in permissive mode on F8. I was thinking of switching to
enforcing mode and took a peek inside /var/log/messages to see what denials
SELinux is currently reporting. I was *horrified* - there must be thousands
there! Doing "cat /var/log/audit/audit.log" is even worse - it takes about a minute to
scroll through!
They mainly relate to procmail, clamd and samba but I get many reports of
incorrectly labelled files (file_t).
I want to tackle these one step at a time and I think the first place to start
is with the incorrectly labelled files.
I have tried the "touch ./autorelabel; reboot" trick (several times!) but I
still get the same errors.
As a mater of interest, I have a procmail recipe which writes a copy of every
mail I receive to a backup area on my /dev/sda8 partition, mounted as
/mnt/backup/ by fstab. (It is an ext3 partition).
I have tried doing:
"restorecon -v -R /mnt/backup"
and even:
"fixfiles relabel"
on this partition, but I gather this will not work. I think that I must
somehow define a policy for this (and probably other) partition(s), but I am
unclear as to how to go about this.
I am reasonably familiar with Linux generally, but am a complete SELinux
virgin (and frankly scared silly of it). I normally turn off SELinux as my
first action after installing a distro, but I think it's about time I got to
grips with its security benefits.
I would be very grateful therefore if someone could hold my hand through this
learning process!
I have to run this particular box headless and access via ssh so I have to do
everything with command-line tools.
Thanks in advance...
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080305/11baa453/attachment.sig>
More information about the fedora-selinux-list
mailing list