Bill Davidsen wrote:
>
>
>> The general recomendation for any laptop (with anything sufficiently
>> private) is to encrypt the disk. My preference is to (luks) encrypt
>> /home and swap and then bind mount /tmp and /var/tmp out of /home/tmp
>> /home/var/tmp. You could encrypt root as well and then skip the bind
>> mounts.
>>
> My experience with bind mounts is that they tend to make SElinux complain
> a lot.
> I have one system which mounts my personal home directory out of
> /mnt/other/home/username by bind mounting it to /home/username. SElinux
> has a
> litany of complaints, to the point that I spent hours telling it to ignore
> things. On FC9, if it matters.
>
>
Did you check the contexts on /mnt/other/home and the /username directory
underneath it?
I do exactly this except that I bind mount /opt/Local/home to /home I make
sure that the context for /opt/Local/home is the same as /home would
normally have, and then make sure the user directories have
system_u:object_r:user_home_dir_t
Within that the the user areas are generally user_home_t except for the
special contexts for thing like bin, .mozilla and so on.
With that scheme I had no avc denials or complaints from SELinux in either
f9 or f10 so far.... but the key is getting all the contexts correct.
--
View this message in context:
http://www.nabble.com/ssh-clarification-needed-tp21274919p21319442.html
Sent from the Fedora List mailing list archive at Nabble.com.
--
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines