Moving /var/www with SELinux enforcing

Mike Cloaked mike.cloaked at gmail.com
Mon Dec 15 20:12:29 UTC 2008




tim.largy wrote:
> 
> Because I have limited space in /var and a program that wants to put
> gigabytes of data in /var/www, I want to move that directory
> (/var/www) elsewhere and symlink to it. What's the proper way to do
> this with SELinux enforcing?
> 
> 

I have a similar need when I move /var/spool/mail to another partition, and
the way I do it that leads to success is as follows (translating to your
case) all as root:

mkdir /path-to-new/www
Check that the contexts on this new directory are the same as for /var/www
ll -Zd /var/www
drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 /var/www

Now copy all the files in the original using rsync (after stopping services
that use /var/www) to the new area copying the file contexts at the same
time:
rsync -aXH /var/www/ /path-to-new/www/

Make sure you use the -X flag as above.

Now move the original directory out of the way and make a new directory in
its place:
# cd /var
# mv www www.ORIG
# mkdir www

Now check the context of the two files by:
ls -Z www*
Make sure that the new www matches that of the original.

Then make a bind mount to mount the new area to the old area by adding a
line to /etc/fstab like
/path-to-new/www   /var/www         none    bind            0 0

Then 
# mount /path-to-new/www
should bind mount the new area.

Then you can start up your services as if they were in the original area.

(If necessary you can check that restorecon does keep the file contexts of
the bind mounted files in the new area correct, and if not you can make new
rules using semanage fcontext that will survive a restorecon later.)

I hope this helps...
-- 
View this message in context: http://www.nabble.com/Moving--var-www-with-SELinux-enforcing-tp21019357p21021072.html
Sent from the Fedora List mailing list archive at Nabble.com.
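
The context check and the semanage fcontext rule mentioned in the message above, as an added example that is not part of the original post: it parses `ls -Zd` lines, compares only the type field (an assumption: under the targeted policy the type is what decides access), and prints one possible rule. The function names and the second sample line are constructed here.

```shell
#!/bin/sh
# Added example (not from the original message): compare SELinux labels taken
# from `ls -Zd` output before starting services on the relocated tree.

# Print the context field (user:role:type:level) found in one `ls -Zd` line.
# Returns 1 when no context is present, e.g. "?" on an unlabeled filesystem.
ctx_from_ls() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++)
              if (substr($i, 1, 1) != "/" && $i ~ /^[^:]+:[^:]+:[^:]+:.+$/) {
                  print $i; found = 1; exit
              } }
        END { exit !found }'
}

# Print the type, the third colon-separated field of a context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 when both `ls -Zd` lines carry the same type, 1 when they differ,
# 2 when either line has no context at all.
labels_match() {
    lm_old=$(ctx_from_ls "$1") || return 2
    lm_new=$(ctx_from_ls "$2") || return 2
    [ "$(ctx_type "$lm_old")" = "$(ctx_type "$lm_new")" ]
}

# Print a semanage rule giving the new path the original type.
fcontext_rule() {
    fr_ctx=$(ctx_from_ls "$1") || return 2
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$(ctx_type "$fr_ctx")" "$2"
}

# First line is the output quoted in the message; the second is constructed.
OLD_LINE='drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 /var/www'
BAD_LINE='drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /path-to-new/www'

if labels_match "$OLD_LINE" "$BAD_LINE"; then
    echo "types match: safe to bind mount and start services"
else
    echo "type mismatch: add a rule, then run restorecon -Rv on the new path:"
    fcontext_rule "$OLD_LINE" /path-to-new/www
fi
```

On a live system, pass the functions the real output of `ls -Zd /var/www.ORIG` and `ls -Zd /path-to-new/www` instead of the sample lines.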



