selinux: rhel5 x fedora 14

Stephen Smalley sds at tycho.nsa.gov
Wed Jan 12 15:21:45 UTC 2011


On Wed, 2011-01-12 at 09:29 -0200, Paulo Cavalcanti wrote:
> Hi,
> 
> I have two HDs on my computer: one with rhel5 5.5 and the other with
> fedora 14.
> Both systems share some directories located in a common /home, mainly
> used by the httpd process.
> 
> The problem is that selinux in fedora 14 uses "unrestricted_u" by
> default for all users, which rhel5 does not understand,
> and any file labeled that way is treated as "unlabeled_t" in rhel5.
> 
> I tried to relabel all files in Fedora 14 using "chcon -R -u user_u -t
> user_home_t", for instance,
> but every new file is still created as "unrestricted_u".
> 
> I know very little about selinux, and I would like to know how to
> force all files in F14 to be user_u,
> but keeping the user owning those files, unrestricted.
> 
> Is that possible? Is there a better solution for not having tons of
> denials in rhel5?

When mounting /home under rhel5, add the context= option to your list of
mount options, e.g.
context=user_u:object_r:user_home_t:s0

Then your rhel5 system will treat all inodes under /home as if they were
labeled with that context and will not read the values set by f14.

-- 
Stephen Smalley
National Security Agency
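
Added example, not part of the original message: a shell check that an fstab-format file sets the `context=` option for a mount point and that the value has the user:role:type:level shape shown in the reply. The function names, the sample fstab and its device names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SELinux context= mount option configured for a
# mount point in an fstab-format file (device, mount point, type, options).

# mount_context FSTAB MOUNTPOINT  (hypothetical helper)
# Prints the context= value and returns 0, or returns 1 if none is set.
# Limitation: levels that contain commas (e.g. s0:c0,c1) are not handled.
mount_context() {
    awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 4 { next }   # skip comments and short lines
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^context=/) {
                    val = substr(opts[i], 9)   # drop the "context=" prefix
                    gsub(/"/, "", val)         # the value may be quoted
                    print val
                    found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# valid_context CONTEXT  (hypothetical helper)
# Succeeds if CONTEXT looks like user:role:type:level.
valid_context() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+:s[0-9]+'
}

# Constructed sample fstab; device names are placeholders.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# device    mountpoint  type  options                                          dump pass
/dev/sda1   /           ext3  defaults                                         1 1
/dev/sdb2   /home       ext3  defaults,context=user_u:object_r:user_home_t:s0  1 2
EOF

ctx=$(mount_context "$SAMPLE_FSTAB" /home) && valid_context "$ctx" \
    && echo "/home is configured with fixed context: $ctx"
```

On the running rhel5 system, `ls -Z` on files under /home should then show the context from the mount option for every file, whatever label f14 wrote to disk.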
