|
l# sesearch -T -s qasd_t -c dir
Found 5 semantic te rules: type_member qasd_t user_home_dir_t : dir user_home_dir_t; type_transition qasd_t user_home_dir_t : dir user_home_t; type_transition qasd_t var_auth_t : dir qasd_var_auth_t; type_transition qasd_t etc_t : dir qasd_conf_t; type_transition qasd_t home_root_t : dir user_home_dir_t; > Date: Wed, 12 Feb 2014 11:40:14 -0500 > From: dwalsh@xxxxxxxxxx > To: swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx > Subject: Re: What is the correct way to create a users home dir > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/11/2014 07:32 PM, Jayson Hurst wrote: > > I want to have my daemon be able to create user home directories. It > > currently does this by running a script. What is the correct way to have > > the script create the home directory with the correct context type? > > > > In my daemons selinux policy I have set: > > > > userdom_home_filetrans_user_home_dir(qasd_t), but when the daemon launches > > the script to create a users home directory the directory is ends up with a > > context type of home_root_t instead of user_home_dir_t like I was > > expecting. > > > > What am I missing here? I was under that understanding that > > userdom_home_filetrans_user_home_dir do a type transition for me from > > home_root_t to user_home_dir_t when I created a new directory under /home. > > Is this not correct? > > > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > That is what you need. > > Could you look at > > sesearch -T -s qasd_t -c dir > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlL7o+0ACgkQrlYvE4MpobMI2wCfae2hn17XRZt0V/2lY9vvf/oL > +dcAoJgsx//6aGHnVSbmGPFOwq8MOXZl > =NLXN > -----END PGP SIGNATURE----- |
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
