bind-mounted homedirs
Paul Howarth
paul at city-fan.org
Wed Feb 18 09:54:33 UTC 2009
Stephen Smalley wrote:
> On Thu, 2009-01-22 at 14:15 +0000, Paul Howarth wrote:
>> On a RHEL 5 server I have bind-mounted home directories, where the data
>> on the server actually lives in /srv/homes but this is bind-mounted to
>> /nis-home. The user home directories in LDAP refer to the /nis-home
>> locations.
>>
>> When I updated to the 5.3 selinux policy, everything under /srv/homes
>> got relabelled based on the /srv/homes pathname rather than the
>> /nis-home pathname. What would be the best way of preventing this from
>> happening in the future?
>
> If you just want to prevent automatic relabeling from touching that tree
> at all, just add a "<<none>>" entry for it to file_contexts, e.g.
>
> semanage fcontext -a -t "<<none>>" "/srv/homes(/.*)?"
Excellent! That seems to work perfectly - though I prefer to use a local
policy module rather than semanage for these things:
localmisc.fc:
...
# Don't touch stuff here
/srv/homes(/.*)? <<none>>
...
Paul.
More information about the fedora-selinux-list
mailing list