On 07/20/2010 09:45 AM, Vadym Chepkov wrote:
>
> On Jul 20, 2010, at 9:23 AM, Daniel J Walsh wrote:
>
>> On 07/20/2010 08:08 AM, Vadym Chepkov wrote:
>>>
>>> On Jul 19, 2010, at 9:32 AM, Daniel J Walsh wrote:
>>>
>>>> On 07/16/2010 12:56 PM, Vadym Chepkov wrote:
>>>>> Hi,
>>>>>
>>>>> Whenever I try to modify a policy I get a warning like this:
>>>>>
>>>>> /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
>>>>>
>>>>> And this is true, I did create a system account with home in /var/lib/application
>>>>> But, I need this account to have a real shell. How can I make SELinux happy?
>>>>>
>>>>> Thank you,
>>>>> Vadym Chepkov
>>>>> --
>>>>> selinux mailing list
>>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>> Can you set the UID < 500?
>>>>
>>>> Which OS is causing this?
>>>>
>>>> In F12 and F13 you can add
>>>>
>>>>
>>>> usepasswd=FALSE
>>>>
>>>> to /etc/selinux/semanage.conf
>>>>
>>>> Which will tell genhomedircon to stop looking in /etc/passwd for homedirs.
>>>
>>>
>>> It's RHEL5, so, no such option in semanage.conf
>>>
>>> I have 2 userids defined this way:
>>>
>>> app:x:610:610:App subsystem:/var/lib/application:/bin/bash
>>> appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash
>>>
>>>
>>> SELinux is only unhappy about the first one.
>>>
>>> I will try to change id, but it's strange it only affects one out of two
>>>
>>> Thanks,
>>> Vadym
>>>
>> genhomedircon is looking for a conflict of the labeling of the parent
>> directory.
>>
>> For app it wants to label /var/lib as home_root_t, but it sees a
>> conflict in that /var/lib has a label in file_context file of var_lib_t.
>> So it complains.
>>
>> For /var/lib/application/ftproot it looks for /var/lib/application in
>> the file_context file, and does not find the line so it can label
>> /var/lib/application as home_root_t and it is successful. I think in
>> neither case you want those labels.
>>
>> genhomedircon identifies "Real Users" as any user with a UID > 0 and a
>> shell in /etc/shells and not the shell /bin/false or /sbin/nologin.
>>
>>
>
>
>> 500, I assume
>
> usermod fixed the problem, thank you.
>
>

Yes 500, sorry for the typo
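An added example, not part of the original thread and not genhomedircon's own code: a small model of the check described above, run over constructed passwd, shells and file_contexts data, to show why `app` triggers the warning and `appftp` does not. It assumes a minimum "real user" UID of 500 (the threshold named in the thread) and simplifies file_contexts matching to a literal comparison after stripping a trailing `(/.*)?`.

```python
import posixpath

# Constructed sample data modelled on the thread (not read from a live system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
app:x:610:610:App subsystem:/var/lib/application:/bin/bash
appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash
svc:x:612:612:Service:/var/lib/svc:/sbin/nologin
"""
SHELLS = ["/bin/sh", "/bin/bash", "/sbin/nologin"]
FILE_CONTEXTS = """\
/var/lib(/.*)?    system_u:object_r:var_lib_t:s0
/home             system_u:object_r:home_root_t:s0
"""
NON_LOGIN = {"/bin/false", "/sbin/nologin"}
SUFFIX = "(/.*)?"


def labelled_paths(file_contexts):
    """Map each path with its own entry to its type (assumed simplification)."""
    paths = {}
    for line in file_contexts.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        spec = fields[0][:-len(SUFFIX)] if fields[0].endswith(SUFFIX) else fields[0]
        paths[spec] = fields[-1].split(":")[2]  # user:role:type:level
    return paths


def check_accounts(passwd, shells, file_contexts, min_uid=500):
    """Return {user: (home_root, conflicting_type_or_None)} for 'real users'."""
    labelled = labelled_paths(file_contexts)
    result = {}
    for line in passwd.splitlines():
        name, _, uid, _, _, home, shell = line.split(":")
        if int(uid) < min_uid or shell not in shells or shell in NON_LOGIN:
            continue  # not treated as a real user, so its home is ignored
        parent = posixpath.dirname(home.rstrip("/"))
        existing = labelled.get(parent)
        # A parent already labelled with another type cannot become home_root_t.
        conflict = existing if existing not in (None, "home_root_t") else None
        result[name] = (parent, conflict)
    return result


if __name__ == "__main__":
    for user, (root, conflict) in check_accounts(PASSWD, SHELLS, FILE_CONTEXTS).items():
        print(user, root, "CONFLICT with " + conflict if conflict else "ok")
```

Moving `app` below the UID threshold, as was done with usermod in the thread, or giving it a non-login shell, removes it from the result entirely.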