I have had a thread running on Fedora list about a specific SELinux issue I have hit with F9. The history is that I did a clean install on a machine that was previously running F8, keeping /opt as an untouched partition and installed F9, leaving the SELinux enforcing on. On that /opt partition I keep the user area as /opt/Local/home, and as previously after the install I do cd / mv home home.dist ln -s /opt/Local/home . This then previously set my home areas to the way they were - On the machine in question this worked fine initially until I tried to ssh in to the machine from another in my local LAN. I was only able to login but could not change directory to the user home directory. There was a sealert message in /var/log/messages which indicated that I should restorecon -v /opt/* which I did - The contexts that are relevant were previously as follows: [mike <at> lapmike2 mike]$ ls -Zd /opt/Local/home drwxr-xr-x root root system_u:object_r:file_t:s0 /opt/Local/home [mike <at> lapmike2 mike]$ ls -Zd /home lrwxrwxrwx root root unconfined_u:object_r:root_t:s0 /home -> /opt/Local/home [mike <at> lapmike2 mike]$ ls -Zd /home/mike drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /home/mike [mike <at> lapmike2 mike]$ ls -Zd /opt/Local/home/mike drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /opt/Local/home/mike [mike <at> lapmike2 mike]$ ls -Zd /home/mike/.bash_profile -rw-r--r-- mike mike system_u:object_r:user_home_t:s0 /home/mike/.bash_profile I noticed that my /opt/Local/home has a type file_t whereas a posting in fedora list indicated it should be home_root_t I ran restorecon -v /opt/* The context for /opt/Local/home then had a type usr_t So I did chcon -t home_root_t At this point I could login to the machine using ssh as user mike. However I could not use passwordless ssh login even though I did have the previously working ~/.ssh directory. The sealert message suggested that the context of the authorized_keys2 file was wrong and I should run restorecon -v /opt/Local/home/mike/.ssh/authorized_keys2 After doing this the context seemed the same as before and ssh remains only with a password for access and no passwordless login was possible. I found that another user reported a similar issue: http://www.mjmwired.net/linux/2008/06/16/ selinux-preventing-ssh-passwordless-login/ (This url should be on a single line) So how do I proceed? Is the problem caused by the fact that the home area is symlinked from /home to /opt/Local/home ? I have seen some suggestion in a blog elsewhere that symlinks are problematic in SELinux? Maybe I need to create a directory /home and then bind mount /opt/Local/home onto it? Any advice would be appreciated as I am very new to SELinux, but would like to make it work rather than switching it off as I have done up to now. Thanks Mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
