bind-mounted homedirs

Paul Howarth paul at city-fan.org
Mon Jan 26 20:31:47 UTC 2009


On Mon, 26 Jan 2009 15:18:05 -0500
Daniel J Walsh <dwalsh at redhat.com> wrote:

> Paul Howarth wrote:
> > On a RHEL 5 server I have bind-mounted home directories, where the
> > data on the server actually lives in /srv/homes but this is
> > bind-mounted to /nis-home. The user home directories in LDAP refer
> > to the /nis-home locations.
> > 
> > When I updated to the 5.3 selinux policy, everything
> > under /srv/homes got relabelled based on the /srv/homes pathname
> > rather than the /nis-home pathname. What would be the best way of
> > preventing this from happening in the future?
> > 
> > Paul.
> > 
> 
> You can set up the labeling using semanage.
> 
> 
> semanage fcontext -a -t home_root_t /srv/homes
> semanage fcontext -a -t user_home_dir_t -f-d '/srv/homes/[^/]*'
> semanage fcontext -a -t user_home_t '/srv/homes/[^/]*/.+'

That gets the majority of things right but misses things like
~/.spamassassin (spamassassin_home_t).

Is there a way of seeing the full set of homedir contexts that would
include additions from local policy modules? At least with that I'd be
able to replicate them to /srv/homes/

Paul.
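
Added example, not part of the original message: one way to replicate a set of homedir contexts onto the bind-mount source is to rewrite the path prefix of each file-context entry and emit the matching `semanage fcontext` commands in the form used above. The function name, the sample entries and the location of the homedir contexts file are assumptions.

```bash
#!/bin/bash
# Constructed sample in file_contexts format: regex, optional file type, context.
# On a real system the input would be the policy's homedir contexts file
# (assumed: /etc/selinux/targeted/contexts/files/file_contexts.homedirs).
sample_contexts() {
cat <<'EOF'
/nis-home -d system_u:object_r:home_root_t:s0
/nis-home/[^/]* -d system_u:object_r:user_home_dir_t:s0
/nis-home/[^/]*/.+ system_u:object_r:user_home_t:s0
/nis-home/[^/]*/\.spamassassin(/.*)? system_u:object_r:spamassassin_home_t:s0
/nis-home/lost\+found/.* <<none>>
/nis-home-old/[^/]* -d system_u:object_r:user_home_dir_t:s0
/home/[^/]*/.+ system_u:object_r:user_home_t:s0
EOF
}

# remap_homedir_contexts OLD NEW (hypothetical helper)
# Reads entries on stdin and prints one "semanage fcontext -a" command for
# each entry whose regex is OLD itself or lies below OLD, with OLD -> NEW.
# Nothing is executed; the commands are only printed for review.
remap_homedir_contexts() {
    local old=$1 new=$2 regex ftype ctx rest setype
    while read -r regex ftype ctx; do
        case $regex in ''|'#'*) continue ;; esac
        # Two-field entries have no file-type column.
        if [ -z "$ctx" ]; then ctx=$ftype; ftype=; fi
        # Strip the OLD prefix; an unchanged string means no match.
        rest=${regex#"$old"}
        [ "$rest" != "$regex" ] || continue
        # Require a path boundary so /nis-home-old is not treated as /nis-home.
        case $rest in ''|/*) ;; *) continue ;; esac
        # <<none>> entries carry no type to copy.
        [ "$ctx" != '<<none>>' ] || continue
        # user:role:type[:range] -> type
        setype=$(printf '%s\n' "$ctx" | cut -d: -f3)
        printf "semanage fcontext -a -t %s %s'%s%s'\n" \
            "$setype" "${ftype:+-f$ftype }" "$new" "$rest"
    done
}

sample_contexts | remap_homedir_contexts /nis-home /srv/homes
```

Entries that come from local policy modules are only covered if they appear in the file fed to the function, so the output is worth comparing against `matchpathcon` results for a few known paths before applying it.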



