On Thu, 2008-07-24 at 21:11 +0000, Mike wrote: > Craig White <craigwhite <at> azapple.com> writes: > > > > Hence there seems to be a bug in the SELinux policy on this issue? > > ---- > > I would doubt that.../opt is not a usual place for users $home > > directories and thus the policy for files in that tree would not be > > suitable for the method you are using. > > You may well be right - I installed F9 on another machine where I have > the user areas in a pre-existing /home partition and this worked without > issues. > > However there must be a way to work around the problem? > > I know I could re-partition and make a new partition for /home and a > separate partition for /opt - but that would be hard work at this stage. > > Or I could in future make /home a partition and then make a subdirectory > /home/opt and symlink that to /opt - but that may then lead to other > problems that I have not come to at this stage using SELinux.... > > It seems that using SELinux opens up issues that I had never previously > though about... and if there is no easy workaround then I would be pushed > into switching off SELinux again which would be a shame. ---- you probably just need to duplicate the contexts that they would have as if they were in the 'home' directory... $ ls -lZ /home/craig/.ssh -rw------- craig craig user_u:object_r:user_home_t client.id_dsa.key -rw------- craig craig user_u:object_r:user_home_t id_dsa -rw-rw-r-- craig craig unconfined_u:object_r:user_home_t id_dsa.keystore -rw-r--r-- craig craig unconfined_u:object_r:user_home_t id_dsa.pub -rw------- craig craig unconfined_u:object_r:user_home_t id_rsa -rw-rw-r-- craig craig unconfined_u:object_r:user_home_t id_rsa.keystore -rw-r--r-- craig craig unconfined_u:object_r:user_home_t id_rsa.pub -rw------- craig craig user_u:object_r:user_home_t known_hosts but the issue of policy is that these are not the settings these files would get if they were located in /opt. That's why you need to go to the selinux-list because they might have some good ideas Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
