tl;dr:

BackupPC users who want to enable SELinux should mount their backup media 
with either the context or defcontext options. (See links below for syntax.)

--On Tuesday, May 02, 2017 5:29 PM -0700 Kenneth Porter 
<shiva AT sewingwitch DOT com> wrote:

> I found through audit2why that the files in /var/lib/BackupPC (mounted
> from  an external USB drive) are mislabeled as
> system_u:object_r:unlabeled_t:s0  and should be labeled
> system_u:object_r:var_lib_t:s0.

I think the default label is per-filesystem so the mount point prevents the 
files on the external drive from getting labeled properly. I found this 
article showing how to set the filesystem's default label. There's also an 
option context= for setting a label that overrides all label attributes on 
files within the filesystem. That may be be useful for drives that get 
moved between systems that don't have selinux or have different policies.

<https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html>

<https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html>



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/