autorelabel and changed security contexts

Florin Andrei florin at andrei.myip.org
Wed Mar 29 08:17:13 UTC 2006


I've a FC4 server that's slightly customized:
- /var/lib/imap and /var/spool/imap are moved to /home/cyrus (and /home
is a separate partition)
- /var/spool/squid is moved to another place (separate partition)
- /var/lib/mysql is moved to another place (separate partition)
- /var/log is on its own partition

I customized the policy so that Cyrus IMAPd can access /home/cyrus
properly. But then I did "touch /.autorelabel; reboot" and Cyrus broke
completely. Upon investigation, I noticed that the security contexts of
the Cyrus folders in /home/cyrus were altered, from e.g.
system_u:object_r:cyrus_var_lib_t to... I forgot to what - something
else anyway.

Questions:

Why does autorelabel change the security contexts?

How can I tell autorelabel to leave alone /home/cyrus (or give it the
security contexts that I want those files to have)?

I am asking these questions because I want to upgrade the server to FC5,
keep the partitioning scheme, but avoid the multiple and annoying
SELinux issues I had when I installed FC4 on that machine.

So I guess the questions are at the same time for FC4 and FC5.

-- 
Florin Andrei

http://florin.myip.org/



