Karsten Wade wrote:
-----Forwarded Message-----
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119719
Here are two questions likely to be frequently asked, missing from the FAQ. They belong right after "Q: I installed Fedora Core on a system with an existing /home partition, and now I can't log in."
Thanks, good questions.
Just because I'm brave, I'm going to start answers to these questions, but am hoping others will soon chime in and help with the final answers for the FAQ. Please!
Q: If I relabel my existing /home partition after upgrading to FC2, will I still be able to read it if I need to revert to FC1? (In other words, am I burning my bridges when I run setfiles or fixfiles?)
Newly created files will not have a context, and if you remove and recreate a file it will not have a context.
You (should?) be able to read the files from an FC1 system, but if the FC1 system does not have SELinux installed or enabled, any writes it does to that partition will be without file context. (Would this include changing timestamps? What about writing to existing files which do have file contexts?)
You can read the files on the fc1 system.
Just newly created files.
Q: Can an NFS-mountable /home partition be shared by FC1 and FC2 installations?
Yes. You can mount a non-SELinux partition with the context= option, e.g.:
You can nfs mount off of a SELinux file system onto a non-SELinux file system. You can also nfs mount a non-SELinux file system on a SELinux machine. By default all files are treated as nfs_t context. You can choose to override the default context by using the context option:
mount -t nfs -o context=system_u:object_r:tmp_t server:/some/path /mnt/wherever
All of the files on the mount will appear to have the context system_u:object_r:tmp_t to SELinux.
Any files written by a non-SELinux system will not have file contexts, and the contexts of existing files are affected how?
Not true. When SELinux exports the file system the files will end up with the default context of the directory they were created in. The remote system has no effect on the file contexts.
thx - Karsten