Re: selinux file attributes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Gene Czarcinski wrote:

OK, I just did a fresh everything install with today's development snapshot and it is looking good. I let things default to enforcing and was able to login.

However ... I then added a couple of other userids. Before doing that with system-config-users, I edited to /etc/security/selinux/src/users file to define one of these as an "admin" user.

Oops, I cannot login because it cannot find the home directory (because it has incompatible attributes). OK, so I login as root (role=sysadm_r) and run "fixfiles relabel". Then I logout but now gdm cannot come up! OK, go to a VT and login as root ... run "make reload" and "make relabel" and then reboot.

While s-c-u should handle the application of proper attributes (it needs to be selinux aware and supporting), I should not need to keep running relabel.


Yes, s-c-u needs to be more SELinux aware. Currently user management needs to be worked on before final release.

One of the other things I noticed is that after installation the partitions lost-found directory did not have any attributes ... after running relabel it did. Shouldn't this be handled by the installer? I wonder what happens if you format a new partition?


Gene

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux