[CentOS] SELinux and daemons - clever way to change default locations?

Fri Apr 20 22:57:06 UTC 2007
Florin Andrei <florin at andrei.myip.org>

Florin Andrei wrote:
> 
> I wish there was a simple way to tell SELinux "I moved the MySQL datadir 
> (or the Squid cache dir, or the Cyrus-IMAPd spool) to this new location, 
> but everything else stays the same, please stop bugging me."

I think I figured out something:

In the particular case of moving /var/lib/mysql to the separate 
filesystem /db, it's enough to mount /db with the same SELinux context 
like /var:

mount -o defcontext=system_u:object_r:var_t /db

# ls -Z / | grep -e var -e db | grep -v srv
drwxr-xr-x  root root system_u:object_r:var_t          db
drwxr-xr-x  root root system_u:object_r:var_t          var

Then, if /db/mysql is created with the same SELinux attributes like 
/var/lib/mysql (and all its content too), then SELinux appears to stop 
complaining about mysqld.

-- 
Florin Andrei

http://florin.myip.org/