----- Original Message ----- | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | On 12/27/2012 06:09 AM, Markku Kolkka wrote: | > 27.12.2012 3:03, James A. Peltier kirjoitti: | > | >> I'm really feeling dense today. I can't find anywhere in the FTP | >> man | >> page anything related to SELinux labels. | > | > See "man ftpd_selinux". Yet again, this is about setting a SELinux context and not removing it, or excluding it from SELinux processing entirely. This is NOT what I want to do. Thankfully, Dan Walsh understood the problem and was able to better answer it for me. | Depending on your virsion, you should be able to add an entry like | /exports to | /etc/selinux/fixfiles_exclude_dirs | | And fixfiles should exclude this directory. (Autorelabel/rpm updates) | | grep fixfiles_exclude_dirs /sbin/fixfiles However, on CentOS 5.8 or 6.3 this does not seem to exist on any of the hosts I have. [root at daat ~]# which fixfiles /sbin/fixfiles and [root at daat ~]# grep -i exclude /sbin/fixfiles returns nothing but it does exist in Fedora. | Another way to do this is to add a mount option to the directories | mounted at | /exports | | mount -o context="..." | | Autorelabel does not relabel anything mounted with a context option. Ok gotcha! So since I'm trying to understand this better in the context of an NFS file server what would be the "best" aka least intrusive context (perhaps most permissive is a better term)? Perhaps unconfined_u:object_r:default_t:s0? A secondary question is why is it that semanage fcontext -a -t "<<none>>" "/exports(/.*)?" did not work? Shouldn't this tell SELinux not to bother with the directory or is it still walking the file system to find files with labels? Thanks for you help in better utilizing SELinux BTW. ;) -- James A. Peltier Manager, IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpeltier at sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier "The smartest people are constantly revising their understanding, reconsidering a problem they thought they’d already solved. They’re open to new points of view, new information, new ideas, contradictions, and challenges to their own way of thinking." - Jeff Bezos