Bill Davidsen wrote: > > >> The general recomendation for any laptop (with anything sufficiently >> private) is to encrypt the disk. My preference is to (luks) encrypt >> /home and swap and then bind mount /tmp and /var/tmp out of /home/tmp >> /home/var/tmp. You could encrypt root as well and then skip the bind >> mounts. >> > My experience with bind mounts is that they tend to make SElinux complain > a lot. > I have one system which mounts my personal home directory out of > /mnt/other/home/username by bind mounting it to /home/username. SElinux > has a > litany of complaints, to the point that I spent hours telling it to ignore > things. On FC9, if it matters. > > Did you check the contexts on /mnt/other/home and the /username directory underneath it? I do exactly this except that I bind mount /opt/Local/home to /home I make sure that the context for /opt/Local/home is the same as /home would normally have, and then make sure the user directories have system_u:object_r:user_home_dir_t Within that the the user areas are generally user_home_t except for the special contexts for thing like bin, .mozilla and so on. With that scheme I had no avc denials or complaints from SELinux in either f9 or f10 so far.... but the key is getting all the contexts correct. -- View this message in context: http://www.nabble.com/ssh-clarification-needed-tp21274919p21319442.html Sent from the Fedora List mailing list archive at Nabble.com. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
