Description of problem: I can't move an outside directory into an encrypted encfs directory. Version-Release number of selected component (if applicable): fuse-encfs-1.3.1-2.fc5 libselinux-1.30.3-3.fc5 selinux-policy-2.3.7-2.fc5 selinux-policy-targeted-2.3.7-2.fc5 libselinux-python-1.30.3-4.fc5 libselinux-1.30.3-4.fc5 How reproducible: Every time Steps to Reproduce: 1. As nonpriv user... $ encfs ~/.cryptdir ~/cryptdir 2. $ mv foodir ~/cryptdir 3. Actual results: permission denied Expected results: success Additional info: From /var/log/messages Sep 26 13:21:39 teflon kernel: audit(1159291299.977:77): avc: denied { associate } for pid=8543 comm="mv" name="foodir" scontext=user_u:object_r:user_home_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem Sep 26 13:29:10 teflon kernel: SELinux: initialized (dev fuse, type fuse), not configured for labeling
Experimenting with this, it does not seem that fuse/encfs supports Extended attributes. I have set up SELinux policy to handle it, and have gotten extended attributes assigned within a encfs directory, but when I remount the encfs it looses the selinux_context, and goes back to unlabeled_t.
*** This bug has been marked as a duplicate of 189142 ***