search for: container_file_t

Hi, the instructions for "Time Synchronisation - SELinux Labeling and Policy" on https://wiki.samba.org/index.php/Time_Synchronisation_-_SELinux_Labeling_and_Policy don't seem to work on CentOS 8. Using chrony I tried to adapt them (with very limited SELinux knowledge) like this: chcon -u system_u -t chronyd_exec_t /var/lib/samba/ntp_signd semanage fcontext -a -t chronyd_exec_t

...of ntp_signd and probably have problems with Samba trying to create or write to it because it doesn't have the appropriate Samba context, Let chrony access the Samba labeled files with a SELinux module like: ====================== module local 1.0; require { type chronyd_t; type container_file_t; class sock_file write; class dir search; } allow chronyd_t container_file_t:dir search; allow chronyd_t container_file_t:sock_file write; ====================== Note: I use container_file_t because my Samba is containerized, but you should use samba_var_t since your Samba is running o...

...var/tmp would be local storage, and used for the appliance. (There are other ways to do this if for some reason /var/tmp must be NFS.) Thanks Igor and Tomas for helping to get access to the environment. Rich. Mount entries: overlay on / type overlay (rw,relatime,context="system_u:object_r:container_file_t:s0:c581,c761",lowerdir=/var/lib/containers/storage/overlay/l/R65BQQOII4EN66JKVROCRZX4DA:/var/lib/containers/storage/overlay/l/VK5ZPTQFJK7RG4DMBQ6IUDKVYS:/var/lib/containers/storage/overlay/l/QNYZ757HCAAQMJJZUZ6D452CSS,upperdir=/var/lib/containers/storage/overlay/76d93cb1256f566100ec2a7e5b5c4b8...

...ppliance. > (There are other ways to do this if for some reason /var/tmp must be NFS.) > > Thanks Igor and Tomas for helping to get access to the environment. > > Rich. > > > Mount entries: > > overlay on / type overlay (rw,relatime,context="system_u:object_r:container_file_t:s0:c581,c761",lowerdir=/var/lib/containers/storage/overlay/l/R65BQQOII4EN66JKVROCRZX4DA:/var/lib/containers/storage/overlay/l/VK5ZPTQFJK7RG4DMBQ6IUDKVYS:/var/lib/containers/storage/overlay/l/QNYZ757HCAAQMJJZUZ6D452CSS,upperdir=/var/lib/containers/storage/overlay/76d93cb1256f566100ec2a7e5b5c4b8...

Previously we placed large files in g#get_cachedir () (usually /var/tmp). However the problem is this ties the libguestfs appliance and the virt-v2v overlay files to the same location. When virt-v2v is run in a container, or any other situation where local storage is limited, it's helpful to be able to put the overlay files on an externally mounted PVC, which might be using NFS and shared