FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-07-2010, 06:42 PM
Klaus Lichtenwalder
 
Default file_contexts.homedirs and new users

Hi,

I just stumbled about the effect that adding a new user and creating a
.ssh directory does not automatically fix its context though it's listed
in file_contexts.homedirs (this was done via unattended package
installs). It is fixed by an explicit restorecon, though.
I searched google up and down and did not find how/when the
homedirs-File gets applied. Restorecon explicitely used sets the context
to home_ssh_t and everything is fine. So sorry if I missed something
obvious, but I just don't get how and when the policy from
file_contexts.homedirs gets applied
(it's on an up to date F12 system)

Klaus

--
------------------------------------------------------------------------
Klaus Lichtenwalder, Dipl. Inform., http://lklaus.homelinux.org/Klaus/
PGP Key fingerprint: BF52 72FA 1F5A 1E29 C0F8 498C C4C6 633C 2821 97DA


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-07-2010, 06:43 PM
Bruno Wolff III
 
Default file_contexts.homedirs and new users

On Wed, Apr 07, 2010 at 20:42:23 +0200,
Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote:
> Hi,
>
> I just stumbled about the effect that adding a new user and creating a
> .ssh directory does not automatically fix its context though it's listed
> in file_contexts.homedirs (this was done via unattended package
> installs). It is fixed by an explicit restorecon, though.
> I searched google up and down and did not find how/when the
> homedirs-File gets applied. Restorecon explicitely used sets the context
> to home_ssh_t and everything is fine. So sorry if I missed something
> obvious, but I just don't get how and when the policy from
> file_contexts.homedirs gets applied
> (it's on an up to date F12 system)

The file context information only gets used when relabelling.
The context of new created files and directories depends on the context of
the directory they are being created in and the context of the process
doing the creation and any manual overrides made by the creating process.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-08-2010, 10:36 AM
Daniel J Walsh
 
Default file_contexts.homedirs and new users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/07/2010 02:43 PM, Bruno Wolff III wrote:
> On Wed, Apr 07, 2010 at 20:42:23 +0200,
> Klaus Lichtenwalder <k.lichtenwalder@computer.org> wrote:
>> Hi,
>>
>> I just stumbled about the effect that adding a new user and creating a
>> .ssh directory does not automatically fix its context though it's listed
>> in file_contexts.homedirs (this was done via unattended package
>> installs). It is fixed by an explicit restorecon, though.
>> I searched google up and down and did not find how/when the
>> homedirs-File gets applied. Restorecon explicitely used sets the context
>> to home_ssh_t and everything is fine. So sorry if I missed something
>> obvious, but I just don't get how and when the policy from
>> file_contexts.homedirs gets applied
>> (it's on an up to date F12 system)
>
> The file context information only gets used when relabelling.
> The context of new created files and directories depends on the context of
> the directory they are being created in and the context of the process
> doing the creation and any manual overrides made by the creating process.
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
You can use the restorecond service if you want to watch for the
creation of certain files.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAku9scEACgkQrlYvE4MpobMWaQCgrG6jLm8rDq LCuX5hc7HnpbET
lqsAoK26M+7gYSfWoImDMJcgfDF8lpR+
=NjGl
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 10:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org