Selinux

Sharing Host Files With KVM

During my most recent server-build, I had to tackle exposing host-managed files to VMs. Previously, I used NFS. However, that was becoming increasingly troublesome, unfortunately due to IPv6. While I have an IPv6 connection and IPv6 network, my router will stop advertising the IPv6 network if the Internet goes down, causing connectivity issues. Additionally, the uncertainty of whether any connection will come as fe80:: vs my regular routable address was a pain (especially when my IPv6 network changed).

Snapperd on Fedora with SELinux enabled

Snapper is an excellent utility that provides hourly snapshots of btrfs subvolumes. Fedora ships with SELinux enabled by default. This is excellent, and shouldn’t be disabled. To allow this, most software in Fedora has appropriate rules defined, including Snapper. However, Snapper’s rules only allow it to work on / and /home. If you wish to use it to snapshot /mnt/data, or /srv, or any other particular path, you’re going to have a very bad time.

SELinux and apache (httpd)

I’ve just built a new web server VM, basically identical to my mariadb one, and the Fedora cloud image. This is documentation on how I configured it, as well as the ttrss update daemon. To get NFS to work, install nfs-utils. I need some packages also for ttrss.

$ yum install nfs-utils httpd php php-mysql php-mbstring php-xml

I’m putting the web root on an NFS mount from my NAS. I have multiple virtualhosts.

SELinux and mariadb (mysql)

I’ve just built a new mysql server VM, using the instructions I posted previously. This is documentation on how I configured it. To get NFS to work, install nfs-utils.

$ yum install nfs-utils httpd mariadb mariadb-server

I’m putting the database on an NFS mount from my NAS. Socket files can’t exist on NFS. It’s easier to move the data than the socket file (I think I hit an SELinux issue with socket access).