> From: Dominick Grift
> Sent: 23 January 2012 16:20
>
> On Mon, 2012-01-23 at 15:57 +0000, Moray Henderson wrote:
> > Hi
> >
> > On CentOS 5.6, I have just noticed that if a process running under context
> > initrc_t creates a file or directory within a user's home directory, that
> > object gets user_home_dir_t.
> >
> > If an unconfined_t process does the same thing, they correctly get
> > user_home_t.
> >
> > Was this a bug or a feature?
> >
> > selinux-policy-2.4.6-300.el5_6.1
> > selinux-policy-targeted-2.4.6-300.el5_6.1
> >
> >
> > Moray.
> > "To err is human; to purr, feline."
>
> I guess that depends on how you look at it but compared to recent Fedora
> policy I guess you could consider this to be a bug.
>
> This is supported in Fedora 16:
>
> # sesearch --allow -s initrc_t -t user_home_dir_t -T | grep user_home_t
> type_transition initrc_t user_home_dir_t : file user_home_t;
> type_transition initrc_t user_home_dir_t : dir user_home_t;
> type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
> type_transition initrc_t user_home_dir_t : sock_file user_home_t;
> type_transition initrc_t user_home_dir_t : fifo_file user_home_t;
>

Thanks Dominick. I may still just work around it with restorecon for now, but if necessary add those transitions to custom policy when I upgrade to CentOS 6.

Moray.
“To err is human; to purr, feline.”

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux