On 25.11.2017 at 19:10, Gionatan Danti wrote:
Being a regular user of selinux, I often face situations where some
common directories (e.g. /var/log or /var/lib) need to be redirected
to other partitions/volumes.
A very simple approach, without impacting selinux at all, is to mount
a volume in the precise path I need to replace - i.e. mount
/dev/vg_test/lv_lib in /var/lib. However, this is a
one-volume-for-directory approach and I would like to avoid it.
The other possibility is to create a single big volume with multiple
directories, mount it, and
1) symlink the original dir (i.e. /var/log) to the new one (i.e.
/mnt/volume/var/log);
2) use a bind mount to re-mount the destination dir
(/mnt/volume/var/log) on the original one (/var/log).
The symlink approach is self-explaining, as anyone listing the
original directory will immediately notice it. However, it sometimes
requires extensive customization of the selinux policy, a thing I try
hard to avoid.
Did you use the equivalence option of semanage fcontext for
/mnt/volume/var/log?
semanage fcontext -a -e /var/log /mnt/volume/var/log
see also:
https://danwalsh.livejournal.com/27571.html
- Thomas
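
The equivalence approach suggested in the reply, written out as an added example that is not part of the original message: it adds the rule with /var/log as the source path (the directory being relocated in this thread), relabels the new location, and checks that the policy now expects the same context for both paths. The function names `norm_path` and `relocate_label` are hypothetical helpers introduced here.

```shell
#!/bin/bash
# Added example: label a relocated directory like the original one by
# means of an SELinux file-context equivalence rule.

# Normalise a path for semanage: it must be absolute, and trailing
# slashes are stripped (semanage rejects equivalence paths ending in "/").
norm_path() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# relocate_label ORIGINAL NEW
relocate_label() {
    orig=$(norm_path "$1") || return 1
    new=$(norm_path "$2") || return 1
    [ "$orig" != "$new" ] || { echo "paths are identical" >&2; return 1; }

    # 1. Equivalence rule: label everything under NEW as if it were under ORIGINAL.
    semanage fcontext -a -e "$orig" "$new" || return 1
    # 2. Apply the rule to files that already exist on disk.
    restorecon -R -v "$new" || return 1
    # 3. Verify: the context the policy expects for NEW must equal ORIGINAL's.
    want=$(matchpathcon -n "$orig") || return 1
    got=$(matchpathcon -n "$new") || return 1
    if [ "$want" != "$got" ]; then
        echo "label mismatch: $new -> $got, expected $want" >&2
        return 1
    fi
    echo "$new is labelled as $orig ($got)"
}

# Run as root on an SELinux-enabled host, e.g.:
#   relocate_label /var/log /mnt/volume/var/log
```

Local equivalence rules can be reviewed afterwards with `semanage fcontext -l -C`.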