07-24-2008, 09:04 PM
Mike

SELinux concerning /home symlink?

I have had a thread running on Fedora list about a specific SELinux issue
I have hit with F9.

The history is that I did a clean install on a machine that was previously
running F8, keeping /opt as an untouched partition and installed F9,
leaving the SELinux enforcing on.

On that /opt partition I keep the user area as /opt/Local/home, and
as previously after the install I do
cd /
mv home home.dist
ln -s /opt/Local/home .

This then previously set my home areas to the way they were -

On the machine in question this worked fine initially until I tried
to ssh in to the machine from another in my local LAN.

I was only able to login but could not change directory to the user home
directory.

There was a sealert message in /var/log/messages which indicated that
I should restorecon -v /opt/* which I did -

The contexts that are relevant were previously as follows:
[mike@lapmike2 mike]$ ls -Zd /opt/Local/home
drwxr-xr-x root root system_u:object_r:file_t:s0 /opt/Local/home
[mike@lapmike2 mike]$ ls -Zd /home
lrwxrwxrwx root root unconfined_u:object_r:root_t:s0 /home -> /opt/Local/home
[mike@lapmike2 mike]$ ls -Zd /home/mike
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /home/mike
[mike@lapmike2 mike]$ ls -Zd /opt/Local/home/mike
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /opt/Local/home/mike
[mike@lapmike2 mike]$ ls -Zd /home/mike/.bash_profile
-rw-r--r-- mike mike system_u:object_r:user_home_t:s0 /home/mike/.bash_profile

I noticed that my /opt/Local/home has a type file_t whereas
a posting in fedora list indicated it should be home_root_t

I ran restorecon -v /opt/*
The context for /opt/Local/home then had a type usr_t
So I did
chcon -t home_root_t

At this point I could login to the machine using ssh as user mike.
However I could not use passwordless ssh login even though I did have
the previously working ~/.ssh directory.

The sealert message suggested that the context of the authorized_keys2 file
was wrong and I should run
restorecon -v /opt/Local/home/mike/.ssh/authorized_keys2
After doing this the context seemed the same as before and ssh remains
only with a password for access and no passwordless login was possible.

I found that another user reported a similar issue:
http://www.mjmwired.net/linux/2008/06/16/selinux-preventing-ssh-passwordless-login/

So how do I proceed?
Is the problem caused by the fact that the home area is symlinked from
/home to /opt/Local/home ?

I have seen some suggestion in a blog elsewhere that symlinks are
problematic in SELinux? Maybe I need to create a directory /home
and then bind mount /opt/Local/home onto it?

Any advice would be appreciated as I am very new to SELinux, but would
like to make it work rather than switching it off as I have done up to now.

Thanks
Mike

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
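
The label check that the post walks through by hand, as an added example that is not part of the original message: it reads ls -Zd output and flags a relocated home root or per-user directory whose type differs from the ones the post names (home_root_t, user_home_dir_t). HOME_ROOT, the function names and the sample lines are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit `ls -Zd` output for a
# home tree that lives outside /home. HOME_ROOT and the sample lines are
# assumptions for illustration; the expected types are the ones named in
# the post (home_root_t for the root, user_home_dir_t for each user dir).
HOME_ROOT="/opt/Local/home"

# Read `ls -Zd` lines on stdin and print one line per mislabelled path.
# The SELinux context is located by shape (user:role:type[:level]), so both
# "mode user group context path" and "context path" layouts are accepted.
audit_labels() {
    awk -v root="$HOME_ROOT" '
    {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^[^:]+:[^:]+:[^:]+(:|$)/) continue
            split($i, part, ":"); type = part[3]
            path = $(i + 1); sub(/\/$/, "", path)
            want = ""
            if (path == root)
                want = "home_root_t"
            else if (index(path, root "/") == 1 &&
                     substr(path, length(root) + 2) !~ /\//)
                want = "user_home_dir_t"
            # Deeper paths carry many different types and are not judged here.
            if (want != "" && type != want)
                printf "MISMATCH %s has=%s want=%s\n", path, type, want
            break
        }
    }'
}

# Constructed sample: the state before any relabel, as listed in the post.
sample_before() {
    cat <<'EOF'
drwxr-xr-x root root system_u:object_r:file_t:s0 /opt/Local/home
lrwxrwxrwx root root unconfined_u:object_r:root_t:s0 /home -> /opt/Local/home
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /opt/Local/home/mike
-rw-r--r-- mike mike system_u:object_r:user_home_t:s0 /opt/Local/home/mike/.bash_profile
EOF
}

sample_before | audit_labels
```

On current Fedora tooling, an equivalence rule (semanage fcontext -a -e /home /opt/Local/home) followed by restorecon -Rv /opt/Local/home makes restorecon assign the /home labels to the relocated tree; this reflects present-day policycoreutils, not necessarily the F9 system in the post.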