Re: What is the correct way to create a users home dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/12/2014 01:05 PM, Jayson Hurst wrote:
> l# sesearch -T -s qasd_t -c dir Found 5 semantic te rules: type_member
> qasd_t user_home_dir_t : dir user_home_dir_t; type_transition qasd_t
> user_home_dir_t : dir user_home_t; type_transition qasd_t var_auth_t : dir
> qasd_var_auth_t; type_transition qasd_t etc_t : dir qasd_conf_t; 
> type_transition qasd_t home_root_t : dir user_home_dir_t;
> 
That looks correct.  Not sure why you are getting a mislabeled directory.
>> Date: Wed, 12 Feb 2014 11:40:14 -0500 From: dwalsh@xxxxxxxxxx To:
>> swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: What is
>> the correct way to create a users home dir
>> 
> On 02/11/2014 07:32 PM, Jayson Hurst wrote:
>> I want to have my daemon be able to create user home directories. It 
>> currently does this by running a script. What is the correct way to have 
>> the script create the home directory with the correct context type?
> 
>> In my daemons selinux policy I have set:
> 
>> userdom_home_filetrans_user_home_dir(qasd_t), but when the daemon
>> launches the script to create a users home directory the directory is
>> ends up with a context type of home_root_t instead of user_home_dir_t
>> like I was expecting.
> 
>> What am I missing here? I was under that understanding that 
>> userdom_home_filetrans_user_home_dir do a type transition for me from 
>> home_root_t to user_home_dir_t when I created a new directory under
>> /home. Is this not correct?
> 
> 
>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> That is what you need.
> 
> Could you look at
> 
> sesearch -T -s qasd_t -c dir
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlL7uYgACgkQrlYvE4MpobO4IACfZrQrNBqpO2+JjhJB+mnJZAzX
+3gAn2SL1k7Aarila06lRqpQ7i90Hu27
=fyNv
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux