Re: Creating files from initrc_t

On 01/23/2012 04:48 PM, Moray Henderson wrote:
> From: Dominick Grift
> Sent: 23 January 2012 16:20
>
> > On Mon, 2012-01-23 at 15:57 +0000, Moray Henderson wrote:
> > > Hi
> > >
> > > On CentOS 5.6, I have just noticed that if a process running under context
> > > initrc_t creates a file or directory within a user's home directory, that
> > > object gets user_home_dir_t.
> > >
> > > If an unconfined_t process does the same thing, they correctly get
> > > user_home_t.
> > >
> > > Was this a bug or a feature?
> > >
> > > selinux-policy-2.4.6-300.el5_6.1
> > > selinux-policy-targeted-2.4.6-300.el5_6.1
> > >
> > >
> > > Moray.
> > > "To err is human; to purr, feline."
> >
> > I guess that depends on how you look at it, but compared to recent Fedora
> > policy I guess you could consider this to be a bug.
> >
> > This is supported in Fedora 16:
> >
> > # sesearch --allow -s initrc_t -t user_home_dir_t -T | grep user_home_t
> >     type_transition initrc_t user_home_dir_t : file user_home_t;
> >     type_transition initrc_t user_home_dir_t : dir user_home_t;
> >     type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
> >     type_transition initrc_t user_home_dir_t : sock_file user_home_t;
> >     type_transition initrc_t user_home_dir_t : fifo_file user_home_t;
>
> Thanks Dominick.  I may still just work around it with restorecon for now, but if necessary add those transitions to custom policy when I upgrade to CentOS 6.

What kind of application is it that is running as initrc_t? Maybe we could also try to find a proper domain for this app.

> Moray.
> “To err is human; to purr, feline.”

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
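
The `sesearch` output quoted in this thread can be checked per object class before deciding whether to keep the restorecon workaround or add transitions in custom policy. The script below is an added example, not part of the original thread: the function names are hypothetical, the first sample repeats the Fedora 16 lines quoted above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example. Reads `sesearch -T` output on stdin and prints every object
# class that has no rule of the form quoted in the thread:
#   type_transition SRC user_home_dir_t : CLASS user_home_t;
# SRC defaults to initrc_t. An empty result means all five classes are covered.
missing_home_transitions() {
    awk -v src="${1:-initrc_t}" '
        BEGIN { n = split("file dir lnk_file sock_file fifo_file", want, " ") }
        $1 == "type_transition" && $2 == src && $3 == "user_home_dir_t" && $4 == ":" {
            t = $6; sub(/;$/, "", t)          # drop the trailing semicolon
            if (t == "user_home_t") seen[$5] = 1
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Sample 1: the Fedora 16 rules as quoted in the thread.
sample_fedora16() {
cat <<'EOF'
    type_transition initrc_t user_home_dir_t : file user_home_t;
    type_transition initrc_t user_home_dir_t : dir user_home_t;
    type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
    type_transition initrc_t user_home_dir_t : sock_file user_home_t;
    type_transition initrc_t user_home_dir_t : fifo_file user_home_t;
EOF
}

# Sample 2: constructed output where only two classes are covered for initrc_t
# and one rule belongs to a different source domain.
sample_partial() {
cat <<'EOF'
    type_transition initrc_t user_home_dir_t : file user_home_t;
    type_transition initrc_t user_home_dir_t : dir user_home_t;
    type_transition unconfined_t user_home_dir_t : lnk_file user_home_t;
EOF
}

# Offline demonstration on the constructed sample.
# On a live system: sesearch --allow -s initrc_t -t user_home_dir_t -T | missing_home_transitions
echo "missing for initrc_t: $(sample_partial | missing_home_transitions)"
```

Objects created under a class that is reported missing inherit the parent directory's type (user_home_dir_t here), which is the behaviour described in the original question.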
