On 07/20/2010 08:08 AM, Vadym Chepkov wrote:
>
> On Jul 19, 2010, at 9:32 AM, Daniel J Walsh wrote:
>
>> On 07/16/2010 12:56 PM, Vadym Chepkov wrote:
>>> Hi,
>>>
>>> Whenever I try to modify a policy I get a warning like this:
>>>
>>> /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
>>>
>>> And this is true, I did create a system account with home in /var/lib/application
>>> But, I need this account to have a real shell. How can I make SELinux happy?
>>>
>>> Thank you,
>>> Vadym Chepkov
>>> --
>>> selinux mailing list
>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>> Can you set the UID < 500?
>>
>> Which OS is causing this?
>>
>> In F12 and F13 you can add
>>
>>
>> usepasswd=FALSE
>>
>> to /etc/selinux/semanage.conf
>>
>> Which will tell genhomedircon to stop looking in /etc/passwd for homedirs.
>
>
> It's RHEL5, so, no such option in semanage.conf
>
> I have 2 userid defined this way:
>
> app:x:610:610:App subsystem:/var/lib/application:/bin/bash
> appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash
>
>
> SELinux is only unhappy about the first one.
>
> I will try to change id, but it's strange it only affects one out of two
>
> Thanks,
> Vadym
>

I have turned off genhomedircon by default in RHEL6 and F13, preferring admins to set up the labeling themselves.
They can turn it back on by editing the /etc/selinux/semanage.conf