tl;dr: BackupPC users who want to enable SELinux should mount their backup media with either the context or defcontext options. (See links below for syntax.)
--On Tuesday, May 02, 2017 5:29 PM -0700 Kenneth Porter <sh...@sewingwitch.com> wrote: > I found through audit2why that the files in /var/lib/BackupPC (mounted > from an external USB drive) are mislabeled as > system_u:object_r:unlabeled_t:s0 and should be labeled > system_u:object_r:var_lib_t:s0. I think the default label is per-filesystem so the mount point prevents the files on the external drive from getting labeled properly. I found this article showing how to set the filesystem's default label. There's also an option context= for setting a label that overrides all label attributes on files within the filesystem. That may be be useful for drives that get moved between systems that don't have selinux or have different policies. <https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html> <https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html> --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
