file_contexts.homedirs and new users
Hi,
I just stumbled about the effect that adding a new user and creating a .ssh directory does not automatically fix its context though it's listed in file_contexts.homedirs (this was done via unattended package installs). It is fixed by an explicit restorecon, though. I searched google up and down and did not find how/when the homedirs-File gets applied. Restorecon explicitely used sets the context to home_ssh_t and everything is fine. So sorry if I missed something obvious, but I just don't get how and when the policy from file_contexts.homedirs gets applied (it's on an up to date F12 system) Klaus -- ------------------------------------------------------------------------ Klaus Lichtenwalder, Dipl. Inform., http://lklaus.homelinux.org/Klaus/ PGP Key fingerprint: BF52 72FA 1F5A 1E29 C0F8 498C C4C6 633C 2821 97DA -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
file_contexts.homedirs and new users
On Wed, Apr 07, 2010 at 20:42:23 +0200,
Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote: > Hi, > > I just stumbled about the effect that adding a new user and creating a > .ssh directory does not automatically fix its context though it's listed > in file_contexts.homedirs (this was done via unattended package > installs). It is fixed by an explicit restorecon, though. > I searched google up and down and did not find how/when the > homedirs-File gets applied. Restorecon explicitely used sets the context > to home_ssh_t and everything is fine. So sorry if I missed something > obvious, but I just don't get how and when the policy from > file_contexts.homedirs gets applied > (it's on an up to date F12 system) The file context information only gets used when relabelling. The context of new created files and directories depends on the context of the directory they are being created in and the context of the process doing the creation and any manual overrides made by the creating process. -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
file_contexts.homedirs and new users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 04/07/2010 02:43 PM, Bruno Wolff III wrote: > On Wed, Apr 07, 2010 at 20:42:23 +0200, > Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote: >> Hi, >> >> I just stumbled about the effect that adding a new user and creating a >> .ssh directory does not automatically fix its context though it's listed >> in file_contexts.homedirs (this was done via unattended package >> installs). It is fixed by an explicit restorecon, though. >> I searched google up and down and did not find how/when the >> homedirs-File gets applied. Restorecon explicitely used sets the context >> to home_ssh_t and everything is fine. So sorry if I missed something >> obvious, but I just don't get how and when the policy from >> file_contexts.homedirs gets applied >> (it's on an up to date F12 system) > > The file context information only gets used when relabelling. > The context of new created files and directories depends on the context of > the directory they are being created in and the context of the process > doing the creation and any manual overrides made by the creating process. > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux > > You can use the restorecond service if you want to watch for the creation of certain files. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAku9scEACgkQrlYvE4MpobMWaQCgrG6jLm8rDq LCuX5hc7HnpbET lqsAoK26M+7gYSfWoImDMJcgfDF8lpR+ =NjGl -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 11:12 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.