>>>>>
>>>>> P.S. On related note, how do $HOME files get their labeling?
>>
>> It depends. When all is right then files in Home get created with the
>> proper contexts by means of "type transitions", basically rules.
>>
>> example:
>>
>> if a process with type pyzor_t creates a file in a directory with type
>> user_home_dir_t then "type transition" from user_home_dir_t to pyzor_home_t.
>>
>> But in gnome-session there is also restorecond -u watching contexts in home.
>>
>> Basically it compares contexts in home with what's defined in semanage
>> fcontext (or homedir.template) and resets contexts accordingly. (this is
>> some hack to ensure that user home dir content is labelled properly)
>
> That was my question, how do you define it in semanage fcontext?
> I see explicit references to /root/ home, but what about users' home?
> Some sort of keyword/macro?

I can see this in pyzor.fc

HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
HOME_DIR/\.spamd(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)

But you won't find anything like this in semanage fcontext -l output. A bug?

>>
>>>>> # semanage fcontext -l|grep pyzor
>>>>> has reference only to
>>>>> /root/\.pyzor(/.*)? all files system_u:object_r:pyzor_home_t:s0
>>>>>
>>>>> but, directory gets proper labeling:
>>>>>
>>>>> # ls -dZ /home/vchepkov/.pyzor
>>>>> drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
>>>>>
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
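
Added example, not part of the original thread and not SELinux's own code: a simplified Python model of the comparison described above, in which the HOME_DIR placeholder from the quoted pyzor.fc lines is replaced with one user's home directory and observed labels are checked against the result. The home directory /home/alice, the observed labels and all function names are constructed for illustration, and comparing only the type field is an assumption of this sketch.

```python
import re

# The two template lines quoted from pyzor.fc in the thread.
TEMPLATE = r"""
HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
HOME_DIR/\.spamd(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
"""

def expand(template, home_dir):
    """Return [(compiled regex, context)] with HOME_DIR replaced by home_dir."""
    entries = []
    for line in template.strip().splitlines():
        pattern, spec = line.split(None, 1)
        m = re.fullmatch(r"gen_context\(([^,]+),([^)]+)\)", spec.strip())
        if m is None:
            raise ValueError(f"unrecognised context spec: {spec!r}")
        context = f"{m.group(1)}:{m.group(2)}"   # append the MLS level
        regex = pattern.replace("HOME_DIR", re.escape(home_dir))
        entries.append((re.compile(regex), context))
    return entries

def expected_context(entries, path):
    """Context of the first entry whose regex matches the whole path, else None."""
    for regex, context in entries:
        if regex.fullmatch(path):
            return context
    return None

def mislabeled(entries, observed):
    """Map each path whose observed type differs from the expected type
    to the context a relabel would be aiming for (type field only)."""
    result = {}
    for path, ctx in observed.items():
        want = expected_context(entries, path)
        if want and want.split(":")[2] != ctx.split(":")[2]:
            result[path] = want
    return result

# Constructed sample labels for a hypothetical user "alice".
OBSERVED = {
    "/home/alice/.pyzor": "unconfined_u:object_r:user_home_t:s0",
    "/home/alice/.spamd/state": "unconfined_u:object_r:pyzor_home_t:s0",
    "/home/alice/.bashrc": "unconfined_u:object_r:user_home_t:s0",
}

if __name__ == "__main__":
    entries = expand(TEMPLATE, "/home/alice")
    for path, want in mislabeled(entries, OBSERVED).items():
        print(f"{path}: has {OBSERVED[path]}, expected type from {want}")
```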