Stuart Sears <stuart <at> sjsears.com> writes: > if you insist on putting such things in /opt, just make sure you label > the directories/files correctly. > > to be certain you do, examine the labels on a normal mailspool with ls -Z > > here: > > ls -Za /var/spool/mail OK I now have things running sweetly with no sealerts! I simply made a new directory /home and did a bind mount to /opt/Local/home then did a restorecon on the directory to get all the contexts re-set. Login remotely via ssh is fine and did not generate selinux warnings. I have now also transferred mail over to link to the original mail which had been set up in /opt/Local/spool/mail in F8. Did: service sendmail stop cd /var/spool mv mail mail.dist mkdir mail restorecon -v mail Copied the user .thunderbird area from backup, and checked mail setup. Then setup fstab to bind mount /var/spool/mail to /opt/Local/spool/mail configured the security certs for dovecot, and then restarted sendmail, and started dovecot after doing a restorecon on the mail subdirectories. All worked fine and no sealerts generated. So it does indeed seem that using bind mount instead of a symlink works fine with SELinux. I feel a lot more comfortable with selinux now that these two issues are resolved. Thanks for all your help. By the way I think that generating some traffic on this list concerning SELinux may also help other users think about making things work rather than switching off SELinux as may have done in the past. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
