selinux: rhel5 x fedora 14
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 12 18:02:21 UTC 2011
On 01/12/2011 06:29 AM, Paulo Cavalcanti wrote:
> Hi,
>
> I have two HDs on my computer: one with rhel5 5.5 and the other with
> fedora 14.
> Both systems share some directories located in a common /home, mainly
> used by the httpd process.
>
> The problem is that selinux in fedora 14 uses "unrestricted_u" by
> default for all users, which rhel5 does not understand,
> and any file labeled that way is treated as "unlabeled_t" in rhel5.
>
> I tried to relabel all files in Fedora 14 using "chcon -R -u user_u -t
> user_home_t" , for instance,
> but every new file is still created as "unrestricted_u".
>
> I know very little about selinux, and I would like to know how to force
> all files in F14 to be user_u,
> but keeping the user owning those files, unrestricted.
>
> Is that possible? Is there a better solution for not having tons of
> denials in rhel5?
>
> Thanks.
>
> --
> Paulo Roma Cavalcanti
> LCG - UFRJ
>
One solution would be to mount with a context on one of the platforms.
On RHEL5 mount the users homedir with a context of nfs_t, and set the
boolean to say allow nfs homedirs:

    mount -o context="system_u:object_r:nfs_t:s0" /dev/ABC /home
    setsebool -P use_nfs_home_dirs 1
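A read-only check for the problem discussed in this thread, as an added example that is not part of the original messages: it lists files whose SELinux user is missing from a given list of users the other system's policy defines. The input format (what GNU find's `-printf '%Z %p\n'` prints), the function names, the user list and the sample labels are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find files whose SELinux user the
# other install's policy does not define (such labels end up unlabeled_t there).

# unknown_seusers KNOWN_USERS
#   KNOWN_USERS  space-separated SELinux users the other policy defines
#   stdin        "<user:role:type[:level]> <path>" lines, one file per line
#   stdout       "<seuser> <path>" for every file that policy cannot map
unknown_seusers() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        {
            ctx  = $1
            path = substr($0, length(ctx) + 2)    # keeps spaces in file names
            # A usable context has at least user:role:type.
            if (ctx !~ /^[^:]+:[^:]+:[^:]+/) { print "(none) " path; next }
            split(ctx, f, ":")
            if (!(f[1] in ok)) print f[1] " " path
        }'
}

# Constructed sample listing. "unrestricted_u" is the user name as written
# in the post above; the paths and the other labels are made up.
sample_listing() {
    cat <<'EOF'
unrestricted_u:object_r:user_home_t:s0 /home/paulo/public_html/index.html
user_u:object_r:user_home_t:s0 /home/paulo/notes.txt
system_u:object_r:httpd_sys_content_t:s0 /home/www/site/logo.png
unrestricted_u:object_r:httpd_sys_content_t:s0 /home/www/site/new page.html
EOF
}

# Assumed user list for the older install; on a real system take it from
# `semanage user -l` run there.
sample_listing | unknown_seusers "system_u user_u root"
```

On a real system, run `find /home -xdev -printf '%Z %p\n'` from the install that writes the labels and pipe it into `unknown_seusers`; with a `context=` mount in place every file reports the mount's context instead of its stored label.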