Re: SElinux concerning symlink?

Mike wrote:
> Craig White <craigwhite <at> azapple.com> writes:
>
>> No - you really need a better solution because if anything/anyone
>> relabels, the current policy will trash those settings.
>>
>> Personally, I think you should probably mount what is /opt as /home
>> and that would fix most issues.
>
> It would - but that would mean quite a bit of work - for next time
> round (F10) I may then need to re-partition to give separate /home
> and /opt partitions and then rsync files into them from backups.

You only have to get that right once, though, as you can preserve
existing partitions during the install if you wish.
I've done that a lot over time. There can be occasional issues with
GNOME (etc) but other than that, it often works just fine.

> Doing this adds a lot to the upgrade process over a reasonable number
> of machines.

hmmm... kickstart?
centrally stored homedirs and user mappings?
centrally stored mail?

> Also I will be doing another change which looks like it will cause
> SELinux issues since I move imap mail from the root partition into
> /opt so that on upgrade I still have all past mail available.
>
> Upgrading is a lot easier if /var/spool/mail can be moved out of the
> root partition and stored elsewhere.

it almost certainly can. It can be a separate filesystem if you wish.

if you insist on putting such things in /opt, just make sure you label
the directories/files correctly.

to be certain you do, examine the labels on a normal mailspool with ls -Z

here:

ls -Za /var/spool/mail

drwxrwxr-x  root mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x  root root system_u:object_r:var_spool_t:s0 ..
-rw-rw----  rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----  USER mail system_u:object_r:mail_spool_t:s0 USER

Just make sure those labels match where you want to store your mail and
you may be able to symlink that as well. But do think about the labels on parent directories in the path to your mailspools.

cp -a /var/spool/mail /opt/local/

Will probably do the move for you.

Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
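
The label comparison described in the message above, as an added example that is not part of the original post: it reads `ls -Z` output for a relocated spool and reports entries whose SELinux type is not `mail_spool_t`, then lists the parent directories whose labels also need a look. The function names and the sample listing (with `usr_t` as the stray type) are constructed for illustration; `/opt/local/mail` is the path the `cp -a` command above would create.

```shell
#!/bin/sh
# Added example: helper names and the sample listing are constructed.

# Type field of a context such as system_u:object_r:mail_spool_t:s0
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Read `ls -Z` lines on stdin and print "name type" for each entry whose
# type is not $1. The ".." entry is skipped: parents are checked separately.
# Exit status is 0 when every entry matches, 1 otherwise.
mismatched_labels() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        {
            ctx = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
            if (ctx == "" || $NF == "..") next
            split(ctx, part, ":")
            if (part[3] != want) { print $NF, part[3]; bad = 1 }
        }
        END { exit bad }'
}

# Every directory on the way to $1, top-down, for: ls -Zd $(path_ancestors DIR)
path_ancestors() {
    p=$1; out=
    while [ -n "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        out="$p${out:+ $out}"
        p=$(dirname "$p")
    done
    printf '%s\n' "$out"
}

# Constructed listing of a copied spool where one mailbox lost its label.
sample_listing() {
    cat <<'EOF'
drwxrwxr-x  root mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x  root root system_u:object_r:usr_t:s0 ..
-rw-rw----  rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----  USER mail system_u:object_r:usr_t:s0 USER
EOF
}

if ! sample_listing | mismatched_labels mail_spool_t; then
    echo "relabel the entries above before pointing the mail server here"
fi
path_ancestors /opt/local/mail
```

On a live system, feed it `ls -Za /opt/local/mail` instead of the sample. For a label to survive a relabel it has to be recorded in the local file-context policy (`semanage fcontext`, then `restorecon`) rather than set only with `chcon`.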
