autorelabel and changed security contexts
Florin Andrei
florin at andrei.myip.org
Wed Mar 29 08:17:13 UTC 2006
I've a FC4 server that's slightly customized:
- /var/lib/imap and /var/spool/imap are moved to /home/cyrus (and /home
is a separate partition)
- /var/spool/squid is moved to another place (separate partition)
- /var/lib/mysql is moved to another place (separate partition)
- /var/log is on it's own partition
I customized the policy so that Cyrus IMAPd can access /home/cyrus
properly. But then I did "touch /.autorelabel; reboot" and Cyrus broke
completely. Upon investigation, I noticed that the security contexts of
the Cyrus folders in /home/cyrus were altered, from e.g.
system_u:object_r:cyrus_var_lib_t to... I forgot to what - something
else anyway.
Questions:
Why autorelabel changes the security contexts?
How can I tell autorelabel to leave alone /home/cyrus (or give it the
security contexts that I want those files to have)?
I am asking these questions because I want to upgrade the server to FC5,
keep the partitioning scheme, but avoid the multiple and annoying
SELinux issues I had when I installed FC4 on that machine.
So I guess the questions are at the same time for FC4 and FC5.
--
Florin Andrei
http://florin.myip.org/
More information about the selinux
mailing list