On Fri, 2013-02-08 at 10:55 +0000, Clive Hills wrote:
> which I find confusing as it makes no reference to the /usr/realman or
> for that matter /usr directories.
>
> Please advise what I need to do to have it writeable by this
> application (which is closed source to which I have no access).
>
> Many thanks
> Clive
>

In this case, if I really wanted this app, I would just let useradd create that dir once (e.g. run the app in permissive mode the first time so that it can create the dir: (setenforce 0; "run the app"; setenforce 1))

Basically this should not be allowed for useradd_t in policy. The /usr directory is not for user home directories. A more appropriate location would probably be /var/lib/realman.

But once the directory is there then SELinux should probably no longer have a problem, at least until you remove the app (then userdel will probably be trying to remove it and be denied)

Actually this is something to consider for the SELinux devs in the future: I do not see a need to run useradd with a domain transition. It only causes issues like these for unconfined users.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux