[Note: I sent this message yesterday without first subscribing to
the list -- intending to check the web archive for responses.
Because my message has not yet shown up in the web archive, I
subscribed in order to re-send this. My apologies if both messages
make it out of the moderation queue.]

Last summer, I set up a network with about a dozen stationary boxes
and 15-20 moveable users. All users are authenticating via FreeIPA,
and have their home directories NFS-mounted from a central file
server. Both the desktop boxes and the file server were running
Fedora 16.
+ User home directories were mounted from "/srv/exports/<user_name>".
+ The desktop boxes had SELinux boolean "use_nfs_home_dirs=1".
+ The file server had
  "/etc/selinux/targeted/contexts/files/file_contexts.local" with:
      /srv system_u:object_r:home_root_t:s0
All was working well.

In March, I upgraded all of the desktop boxes, as well as the file
server and the FreeIPA server to Fedora 18.
+ User home directories are still mounted from
  "/srv/exports/<user_name>".
+ The desktop boxes still have SELinux boolean "use_nfs_home_dirs=1".
+ The file server still has
  "/etc/selinux/targeted/contexts/files/file_contexts.local" with:
      /srv system_u:object_r:home_root_t:s0

The problem is that, as some users create files, they are being
created with context:
    "system_u:object_r:user_home_t:s0"
rather than:
    "unconfined_u:object_r:user_home_t:s0"
If I run "restorecon -FR /srv", then the files are re-labelled to
the "unconfined_u".
I don't know how frequently files are created with the wrong context.
Any ideas as to what is happening?
Thanks.
--
Mike