Linux Archive

Klaus Lichtenwalder 04-07-2010 06:42 PM

file_contexts.homedirs and new users
 
Hi,

I just stumbled about the effect that adding a new user and creating a
.ssh directory does not automatically fix its context though it's listed
in file_contexts.homedirs (this was done via unattended package
installs). It is fixed by an explicit restorecon, though.
I searched Google up and down and did not find how/when the
homedirs-File gets applied. Restorecon explicitly used sets the context
to home_ssh_t and everything is fine. So sorry if I missed something
obvious, but I just don't get how and when the policy from
file_contexts.homedirs gets applied
(it's on an up to date F12 system)

Klaus

--
------------------------------------------------------------------------
Klaus Lichtenwalder, Dipl. Inform., http://lklaus.homelinux.org/Klaus/
PGP Key fingerprint: BF52 72FA 1F5A 1E29 C0F8 498C C4C6 633C 2821 97DA


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Bruno Wolff III 04-07-2010 06:43 PM

file_contexts.homedirs and new users
 
On Wed, Apr 07, 2010 at 20:42:23 +0200,
Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote:
> Hi,
>
> I just stumbled about the effect that adding a new user and creating a
> .ssh directory does not automatically fix its context though it's listed
> in file_contexts.homedirs (this was done via unattended package
> installs). It is fixed by an explicit restorecon, though.
> I searched Google up and down and did not find how/when the
> homedirs-File gets applied. Restorecon explicitly used sets the context
> to home_ssh_t and everything is fine. So sorry if I missed something
> obvious, but I just don't get how and when the policy from
> file_contexts.homedirs gets applied
> (it's on an up to date F12 system)

The file context information only gets used when relabelling.
The context of newly created files and directories depends on the context of
the directory they are being created in and the context of the process
doing the creation and any manual overrides made by the creating process.

Daniel J Walsh 04-08-2010 10:36 AM

file_contexts.homedirs and new users
 

On 04/07/2010 02:43 PM, Bruno Wolff III wrote:
> On Wed, Apr 07, 2010 at 20:42:23 +0200,
> Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote:
>> Hi,
>>
>> I just stumbled about the effect that adding a new user and creating a
>> .ssh directory does not automatically fix its context though it's listed
>> in file_contexts.homedirs (this was done via unattended package
>> installs). It is fixed by an explicit restorecon, though.
>> I searched Google up and down and did not find how/when the
>> homedirs-File gets applied. Restorecon explicitly used sets the context
>> to home_ssh_t and everything is fine. So sorry if I missed something
>> obvious, but I just don't get how and when the policy from
>> file_contexts.homedirs gets applied
>> (it's on an up to date F12 system)
>
> The file context information only gets used when relabelling.
> The context of newly created files and directories depends on the context of
> the directory they are being created in and the context of the process
> doing the creation and any manual overrides made by the creating process.
>
You can use the restorecond service if you want to watch for the
creation of certain files.
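
Added example, not part of the thread and not SELinux project code: a simplified Python model of the point made in the replies, that file_contexts.homedirs is only consulted at relabel time, so a freshly created .ssh keeps its inherited type until restorecon runs. The entries, paths and observed labels are constructed, and matching is reduced to "last matching entry wins"; on a real system `matchpathcon` and `restorecon -n -v` report the same comparison.

```python
import re

# Constructed entries in file_contexts.homedirs format: regex, optional type flag, context.
SAMPLE_HOMEDIRS = r"""
/home/[^/]*              -d  unconfined_u:object_r:user_home_dir_t:s0
/home/[^/]*/.+               unconfined_u:object_r:user_home_t:s0
/home/[^/]*/\.ssh(/.*)?      unconfined_u:object_r:home_ssh_t:s0
"""

def parse_specs(text):
    """Return one (compiled_regex, type_flag_or_None, context) tuple per entry."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        flag = fields[1] if len(fields) == 3 else None
        specs.append((re.compile(fields[0]), flag, fields[-1]))
    return specs

def expected_context(specs, path, is_dir):
    """Context a relabel would assign. Simplified: the last matching entry wins."""
    kind = "-d" if is_dir else "--"
    for regex, flag, context in reversed(specs):
        if flag in (None, kind) and regex.fullmatch(path):  # entries match the whole path
            return context
    return None

def needs_relabel(specs, observed):
    """Return (path, current_type, expected_type) wherever the type field differs."""
    drift = []
    for path, is_dir, current in observed:
        want = expected_context(specs, path, is_dir)
        if want and want.split(":")[2] != current.split(":")[2]:
            drift.append((path, current.split(":")[2], want.split(":")[2]))
    return drift

# Constructed labels, as `ls -Zd` might show them right after an unattended install made ~/.ssh.
OBSERVED = [
    ("/home/alice", True, "unconfined_u:object_r:user_home_dir_t:s0"),
    ("/home/alice/.ssh", True, "unconfined_u:object_r:user_home_t:s0"),
    ("/home/alice/.ssh/authorized_keys", False, "unconfined_u:object_r:user_home_t:s0"),
    ("/home/alice/notes.txt", False, "unconfined_u:object_r:user_home_t:s0"),
]

if __name__ == "__main__":
    for path, have, want in needs_relabel(parse_specs(SAMPLE_HOMEDIRS), OBSERVED):
        print(f"{path}: {have} -> {want} (restorecon would change this)")
```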

