fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: .autorelabel on mounted filesystems

Re: .autorelabel on mounted filesystems

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Fri Aug 27 2010 - 12:28:55 GMT
To: "Daniel B. Thurman" <dant@cdkkt.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2010 02:19 AM, Daniel B. Thurman wrote:
>
> I have several versions of root distro partitions of which I do
> mount via fstab, but of course only one / and /boot partition
> is to be defined for the version to be booted.
>
> What I would like to know is, if I do an /.autorelabel,
> for one boot/root partition, does this mean that every
> mounted filesystem that appears in /etc/fstab also gets
> relabeled? If so, this is not what I want especially if
> other root distro partitions are being mounted for example,
> say: /md/{distro1, distro2, ...}
>
> So, How do I get around this? I could comment out
> all entries in /etc/fstab except / and /boot (plus the
> required entries), touch /.autorelabel, reboot, and once
> relabeling is completed, then add back in the commented
> out fstab entries, then issue a mount -a. Could I add an option
> entry say: NO_RELABEL to certain fstab entries?
>
> Since I was introduced to the /media since F9, I never could
> figure out how to add mounted "media" filesystems, which
> is why I added them instead to fstab.
>
> How do I solve this issue?
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
If you add a context mount to your /etc/fstab for the other
distributions, autorelabel will not effect this paths.

Something like

context="system_y:object_r:usr_t:s0"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx3r4cACgkQrlYvE4MpobOwiACfZBQetirk1Z4k+hPJkwrg0X97
C30AnjV2d1UlPAlIFxn5bzsR/7IQBxGt
=qmvO
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux