-----BEGIN PGP SIGNED MESSAGE-----
On 08/19/2012 04:24 PM, Tom London wrote:
On Tue, Aug 14, 2012 at 2:21 PM, Dominick Grift
> You might want to check out the semanage --equiv option. (man semanage)
> That basically allows you to alias existing file context structures:
> heres an example from man semanage:
> For home directories under top level directory, for example /disk6/home,
> execute the following commands. # semanage fcontext -a -t home_root_t
> "/disk6" # semanage fcontext -a -e /home /disk6/home # restorecon -R -v
> so in your case you might want to make /data equivalent to / or
> semanage fcontext -a -e / /data restorecon -R -v -F /data
> That should label /data root_t, /data/var var_t, /data/var/lib var_lib_t
> just as if it was your main file system.
So this sounds exactly what i would like to do with my Luks encrytped USB
back up drive.
Unfortunately, I'm stumbling across the fact that the drive is
'automagically' mounted (when I login or power it on), and it gets mounted
/run/media/tbl/Backup1TB type ext4
The 'semanage -e' command spews:
[root@tlondon ~]# semanage fcontext -a -e / /run/media/tbl/Backup1TB/X200
/sbin/semanage: File spec /run/media/tbl/Backup1TB/X200 conflicts with
equivalency rule '/run /var/run'; Try adding
'/var/run/media/tbl/Backup1TB/X200' instead [root@tlondon ~]#
Appears that '/var/run/media' doesn't exist on my system (I guess /run and
/var/run are not really 'equivalent'?).
This an issue with my system (e.g., do I need an explicit entry in fstab or
some such)? With the scaffolding that deals with /run and /var/run? Other?
Should this work?
Yes it is telling you about a double equivalence. systemd guys have suggested
that we reverse the equivalence. since /var/run does not really exist anymore,
they suggested we move to /var/run -> /run rather then what we currently have
/run -> /var/run. My concern with this switch would be if users/package
developers had already added file context for /var/run
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----