SELinux - a question about external drive after upgrade
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 3 15:55:41 UTC 2008
> Daniel J Walsh <dwalsh <at> redhat.com> writes:
>> You can easily lay context down by running restorecon on the USB drive
>> at the mountpoint. Or just set it up to mount the disk with a countext.
>> Something like system_u:object_r:removable_t:s0.
> Thanks Dan - I will have to try this out once I have upgraded the main desktop
> to F9 with SELinux.
> I presume that using "rsync -aXH" from a laptop on the LAN and targetting
> the mountpoint on the desktop where the external usb drive is attached
> will then preserve contexts on the usb drive for the backup?
> At least this looks like it should work once I have the external drive
> mounted with the appropriate context...
> One other question I don't know the answer to is whether once this has
> been done - if the USB drive is then attached to a different machine that is
> running with SELinux disabled if that would cause problems or if the contexts
> would simply be ignored?
It should be ignored.
> The scenario would be that the drive is taken to another machine to restore
> files but that machine is SELinux disabled.
> I guess I still have plenty to learn about SELinux!
If you are going to be moving this disk back and forth between selinux
enabled and disabled machines, and the files back and forth on the disk,
you really should use a context mount on the SELinux platform to ignore
labels on the disk.
More information about the users