SElinux concerning symlink?

Mike mike.cloaked at gmail.com
Fri Jul 25 20:01:26 UTC 2008


Stuart Sears <stuart <at> sjsears.com> writes:

> if you insist on putting such things in /opt, just make sure you label
> the directories/files correctly.
> 
> to be certain you do, examine the labels on a normal mailspool with ls -Z
> 
> here:
> 
> ls -Za /var/spool/mail

OK I now have things running sweetly with no sealerts!
I simply made a new directory /home and did a bind mount to /opt/Local/home
then did a restorecon on the directory to get all the contexts re-set.

Login remotely via ssh is fine and did not generate selinux warnings.

I have now also transferred mail over to link to the original mail which
had been set up in /opt/Local/spool/mail in F8. 
Did:
service sendmail stop
cd /var/spool
mv mail mail.dist
mkdir mail
restorecon -v mail

Copied the user .thunderbird area from backup, and checked mail setup.

Then set up fstab to bind mount /var/spool/mail to /opt/Local/spool/mail
configured the security certs for dovecot, and then restarted sendmail, 
and started dovecot after doing a restorecon on the mail subdirectories.

All worked fine and no sealerts generated.

So it does indeed seem that using bind mount instead of a symlink works
fine with SELinux.

I feel a lot more comfortable with selinux now that these two issues 
are resolved.

Thanks for all your help. By the way I think that generating some traffic
on this list concerning SELinux may also help other users think about
making things work rather than switching off SELinux as many have done in the
past.
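
The symlink-to-bind-mount change described in this message, as an added example that is not part of the original post: a dry-run helper that prints the move, the fstab bind entry and the restorecon step for a symlinked directory. The function name plan_bind_mount is hypothetical, and it generalizes from the /home and /var/spool/mail cases to any symlinked directory; it assumes paths without spaces, since fstab fields are whitespace-separated.

```shell
#!/bin/sh
# Added example: plan replacing a symlinked directory with a bind mount so
# that SELinux labels follow the standard path (e.g. /var/spool/mail).
# Dry run only: it prints the steps, it does not mount or relabel anything.

# plan_bind_mount PATH   (hypothetical helper name)
# Returns 0 and prints the plan if PATH is a symlink to a directory,
# 1 if PATH is not a symlink, 2 if the link target is not a directory.
plan_bind_mount() {
    path=${1%/}                      # drop a trailing slash so -L tests the link itself
    if [ ! -L "$path" ]; then
        echo "# $path: not a symlink, nothing to do"
        return 1
    fi
    target=$(readlink -f "$path")    # real directory holding the data
    if [ ! -d "$target" ]; then
        echo "# $path: target $target is not a directory" >&2
        return 2
    fi
    cat <<EOF
# $path is a symlink to $target
# (stop services using $path first, e.g. sendmail for the mail spool)
mv -- "$path" "$path.dist"
mkdir -- "$path"
restorecon -v "$path"
# line to add to /etc/fstab (source directory, mount point, none, bind):
$target $path none bind 0 0
mount "$path"
# relabel the now-visible files according to the standard path:
restorecon -Rv "$path"
ls -Zd "$path"
EOF
}

# Plan every path given on the command line; with no arguments this is a no-op.
for p in "$@"; do
    plan_bind_mount "$p" || true
done
```

Run it with the suspect paths as arguments and compare the final ls -Z output against a stock install before restarting the services.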



