SElinux on upgraded machines

Mike Cloaked mike.cloaked at gmail.com
Fri Dec 12 14:36:42 UTC 2008




Chuck Anderson-7 wrote:
> 
> 
> No, this would be bad.  Fresh installs of F9 or F10 work just fine 
> with SELinux enabled as a desktop system, as long as you don't try to 
> integrate older filesystems or NFS as the OP stated.  Even /home 
> migrates cleanly with just a simple restorecon -R /home in most cases.
> 
> 

In my case I have a separate /opt partition containing a /home directory
which is not touched during installs.
In this case I have to link in /opt/Local/home on the /opt partition to
/home on the root partition to get the user areas onto the new system.

In the old days moving /home out of the way and symlinking /opt/Local/home
to /home was all that was necessary to get back running for the users (apart
from restoring the user lines in /etc/passwd and related files).  With
SELinux enabled this does not work as far as I can tell, and it is necessary
to bind mount /home to /opt/Local/home - but I am not sure if then a
restorecon will fix everything up?  I then had to go carefully through all
the directories to check contexts were right, and I do now have two F9
machines and two F10 machines running with SELinux enabled using this
technique... but it depends what else is stored on the original /opt
partition apart from /opt/Local/other_stuff and /opt/otherstuff!

I expect that the amount of work over the years in getting programs and data
stored in such partitions is huge and many old hands will only contemplate
transitioning to SELinux if that pain is minimised.  I made a conscious
decision to go that route and it did add a lot of hours but I am now much
happier that I now have SELinux enabled machines - but it is certainly a
learning curve.
-- 
View this message in context: http://www.nabble.com/SElinux-on-upgraded-machines-tp20973024p20976784.html
Sent from the Fedora Test List mailing list archive at Nabble.com.
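
The directory-by-directory context check described in the message above can be scripted. The following is an added example, not part of the original post: it reads a `context path` listing (as produced by GNU find's `%Z` on an SELinux-enabled system) and reports entries whose type suggests they were never relabelled. The function names, the list of suspect types and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed list of types that suggest a file under /home was never relabelled:
#   file_t, unlabeled_t  no usable label stored on disk
#   default_t            no file-context rule matched the path
#   usr_t                the label files normally carry under /opt
STALE_TYPES="file_t unlabeled_t default_t usr_t"

# Reads "context path" lines on stdin and prints "type path" for each suspect
# entry. Returns 1 if anything was flagged, 0 if the listing is clean.
flag_stale_contexts() {
    awk -v stale="$STALE_TYPES" '
        BEGIN { n = split(stale, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        NF == 0 { next }
        {
            ctx  = $1
            path = substr($0, length(ctx) + 2)   # keeps spaces in file names
            split(ctx, f, ":")                   # user:role:type[:level]
            t = f[3]
            if (t == "") t = "none"
            if (t == "none" || (t in bad)) { print t " " path; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Walks one tree (default /home) without crossing mount points and audits it.
# Requires GNU find; this is a read-only check and changes no labels.
audit_home() {
    find "${1:-/home}" -xdev -printf '%Z %p\n' | flag_stale_contexts
}

# Constructed sample listing, used to exercise the parser offline.
sample_listing() {
    cat <<'EOF'
system_u:object_r:home_root_t:s0 /home
unconfined_u:object_r:user_home_dir_t:s0 /home/alice
system_u:object_r:usr_t:s0 /home/alice/old project
unconfined_u:object_r:user_home_t:s0 /home/alice/notes.txt
system_u:object_r:file_t:s0 /home/bob
EOF
}
```

Running `audit_home /home` after the bind mount and `restorecon -R /home` lists whatever still needs attention; `restorecon -Rnv /home` gives the policy's own view of what it would change without changing it.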



