I need to upgrade a server running an old Fedora version. The new OS will be CentOS 5 64bit.

I want to put /var/lib/cyrus and /var/spool/cyrus (all the variable files for the Cyrus IMAP server) on the same partition like /home - this way, all the "user-related stuff", home pages and email, stays on one partition.

The problem is SELinux. On Fedora, I had to customize the SELinux attributes so that SELinux would grant the Cyrus processes access to the Cyrus stuff in /home. But, after doing a relabel of the whole disk, the custom attributes were wiped out. I want to avoid that on CentOS 5.

So, I need to tell SELinux "hey, this stuff under /home/foobar/spool/cyrus is just like /var/spool/cyrus, don't relabel it to something else". How do I achieve that?

--
Florin Andrei
http://florin.myip.org/
On 7/2/07, Florin Andrei <florin at andrei.myip.org> wrote:
> So, I need to tell SELinux "hey, this stuff under
> /home/foobar/spool/cyrus is just like /var/spool/cyrus, don't relabel it
> to something else". How do I achieve that?

Re-write the policies.

<personal opinion>
Keeping this stuff in /home is bad. Leave it in /var/ where it belongs.
</personal opinion>

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
On Mon, 2007-07-02 at 12:16 -0700, Florin Andrei wrote:
> So, I need to tell SELinux "hey, this stuff under
> /home/foobar/spool/cyrus is just like /var/spool/cyrus, don't relabel it
> to something else". How do I achieve that?

Add it to the local file contexts for your policy. The "semanage" tool provides a handy interface to do this. The manual page has some useful examples.

--
Daniel
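
Added example, not part of the thread: a dry-run script for the local file-context approach suggested in the last reply. It asks the loaded policy (via `matchpathcon`) which type the reference path gets, then prints the `semanage fcontext` and `restorecon` commands that give the relocated path the same type. The function names are hypothetical, and the paths on the usage line are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the thread). Prints commands for review; it does
# not change the policy itself.

# Extract the type field from a context of the form user:role:type[:level].
# Prints nothing if the string does not have at least three fields.
context_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Print the commands that record a local file-context rule for NEW_PATH and
# everything below it, then apply the rule to the files already on disk.
#   $1 = new path (assumed to contain no regex metacharacters)
#   $2 = context string of the reference path
plan_relabel() {
    new_path=$1
    setype=$(context_type "$2")
    if [ -z "$setype" ]; then
        echo "cannot parse context: $2" >&2
        return 1
    fi
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$setype" "$new_path"
    printf "restorecon -R -v %s\n" "$new_path"
}

# Usage: sh plan.sh /var/spool/cyrus /home/foobar/spool/cyrus
# matchpathcon prints "<path> <context>"; the second field is the context
# the policy assigns to the reference path.
if [ $# -eq 2 ]; then
    ctx=$(matchpathcon "$1" | awk '{ print $2 }')
    plan_relabel "$2" "$ctx"
fi
```

Because the rule is stored in the local file contexts rather than set with `chcon`, a later full relabel reapplies it. After running the printed commands as root, `matchpathcon` on the new path should report the same type as the reference path.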