On 02/12/2014 01:31 PM, Jayson Hurst wrote:
> Same results:
>
> # ls -laZ
> drwxr-xr-x. root root system_u:object_r:home_root_t:s0 .
> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
>
> # ssh tu-1@localhost
> tu-1@localhost's password:
>
> -sh-4.1$ ls -laZ
> drwx------. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .
> drwxr-xr-x. root root system_u:object_r:home_root_t:s0 ..
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_logout
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_profile
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bashrc
> drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .gnome2
> drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .mozilla
> -rw-------. tu-1 UnixGroup unconfined_u:object_r:home_root_t:s0 .vas_disauthcc_100001
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .vas_logon_server
> -sh-4.1$ exit
> logout
> Connection to localhost closed.
>
> # ls -laZ
> drwxr-xr-x. root root system_u:object_r:home_root_t:s0 .
> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
> drwx------. tu-1 UnixGroup system_u:object_r:home_root_t:s0 tu-1
>
> Does the home directory creation script have to be labelled any particular
> type? The main daemon is running as type qasd_t and the binary is labelled
> as qasd_exec_t, the script is labelled as qasd_bin_t. I am not sure if this
> matters.
>
> unconfined_u:system_r:qasd_t:s0 root 4321 1 0 Feb11 ? 00:00:12 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid
> unconfined_u:system_r:qasd_t:s0 daemon 4333 4321 0 Feb11 ? 00:00:23 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid
>
> The script that creates the directory is doing nothing special, just a
> mkdir /home/$username, sets the user as the owner and changes permissions
> and then copies over the skel files.
>
>
>> Date: Wed, 12 Feb 2014 13:12:58 -0500
>> From: dwalsh@xxxxxxxxxx
>> To: swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> Subject: Re: What is the correct way to create a users home dir
>>
> On 02/12/2014 01:05 PM, Jayson Hurst wrote:
>> l# sesearch -T -s qasd_t -c dir
>> Found 5 semantic te rules:
>> type_member qasd_t user_home_dir_t : dir user_home_dir_t;
>> type_transition qasd_t user_home_dir_t : dir user_home_t;
>> type_transition qasd_t var_auth_t : dir qasd_var_auth_t;
>> type_transition qasd_t etc_t : dir qasd_conf_t;
>> type_transition qasd_t home_root_t : dir user_home_dir_t;
>
>
> Could you test again.
>
>

I wonder if the script is actually running as qasd_t, could you run id -Z
within the script to write its label to a file.
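
The check suggested in the reply above, as an added example that is not part of the original thread: it compares the type a new directory actually received with the type the quoted `sesearch` rules predict for the creating process. The function names and the `other_t` domain are hypothetical; the rules and contexts are copied from the output quoted in the messages.

```shell
#!/bin/sh
# Added example. On a live host the process context would come from `id -Z`
# run inside the creation script and the directory context from `ls -dZ`.

# The type_transition rules quoted in the thread (sesearch -T -s qasd_t -c dir).
RULES='type_transition qasd_t user_home_dir_t : dir user_home_t;
type_transition qasd_t var_auth_t : dir qasd_var_auth_t;
type_transition qasd_t etc_t : dir qasd_conf_t;
type_transition qasd_t home_root_t : dir user_home_dir_t;'

# type_of CONTEXT: print the type field of user:role:type:level.
type_of() {
    printf '%s\n' "$1" | cut -d: -f3
}

# expected_type SOURCE PARENT CLASS: read rules on stdin and print the type a
# new object gets; prints nothing when no type_transition rule matches.
expected_type() {
    awk -v s="$1" -v p="$2" -v c="$3" '
        $1 == "type_transition" && $2 == s && $3 == p && $5 == c {
            sub(/;$/, "", $6); print $6; exit
        }'
}

# check_label PROC_CTX PARENT_CTX NEW_CTX: rules on stdin. Reports whether the
# new directory carries the label predicted for a creator running as PROC_CTX.
check_label() {
    want=$(expected_type "$(type_of "$1")" "$(type_of "$2")" dir)
    [ -n "$want" ] || want=$(type_of "$2")   # no rule: inherit parent type
    got=$(type_of "$3")
    if [ "$got" = "$want" ]; then
        echo "ok $got"
    else
        echo "mismatch got=$got want=$want"
    fi
}

HOME_ROOT='system_u:object_r:home_root_t:s0'   # /home, from the thread
NEW_DIR='system_u:object_r:home_root_t:s0'     # /home/tu-1, from the thread

# Creator assumed to be the daemon domain shown in the ps output.
printf '%s\n' "$RULES" | check_label 'unconfined_u:system_r:qasd_t:s0' "$HOME_ROOT" "$NEW_DIR"
# Creator in a hypothetical domain (other_t) that has no transition rule.
printf '%s\n' "$RULES" | check_label 'unconfined_u:system_r:other_t:s0' "$HOME_ROOT" "$NEW_DIR"
```

The first call reports a mismatch and the second reports a match, which is why the label recorded by `id -Z` inside the script is the next thing to look at.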