Fwd: Re: SELinux and user home dirs custom contexts

Thomas Mueller <thomas@xxxxxxxxxxxxxx> · Mon, 2 Jan 2017 19:31:47 +0100



    replied to sender directly instead of the list. 

    
    - Thomas

    
      -------- Weitergeleitete Nachricht --------
      
        
            Betreff:
            
            Re: SELinux and user home dirs custom contexts
          
          
            Datum: 
            Sun, 1 Jan 2017 12:43:44 +0100
          
          
            Von: 
            Thomas Mueller <thomas@xxxxxxxxxxxxxx>
          
          
            An: 
            info@xxxxxxxxxxxx
          
        
      Hi 

      
      sounds strange.

      
      Am 31.12.2016 um 19:57 schrieb info@xxxxxxxxxxxx:

      
        I'm using SELinux with CentOS 7 for many years but I have problem with labeling of home dirs. In my policy and in semanage fcontext --list|grep '/var/www/hosts/ak-chalupova.cz' I have custom labels of files:
-----------------------------------------------------------------------------------------------------------------------
/var/www/hosts/ak-chalupova.cz(/.*)?               all files          system_u:object_r:ak-chalupova_cz_t:s0 
/var/www/hosts/ak-chalupova.cz/logs(/.*)?          all files          system_u:object_r:ak-chalupova_cz_log_t:s0 
/var/www/hosts/ak-chalupova.cz/mail(/.*)?          all files          system_u:object_r:ak-chalupova_cz_mail_t:s0 
/var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin(/.*)? all files          system_u:object_r:ak-chalupova_cz_cgi_t:s0 
/var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi all files          system_u:object_r:ak-chalupova_cz_cgi_exec_t:s0 
-----------------------------------------------------------------------------------------------------------------------
but when I run  restorecon -R -v /var/www/hosts/ak-chalupova.cz/ it tries to label all files as user_home_t:
-----------------------------------------------------------------------------------------------------------------------
restorecon reset /var/www/hosts/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_dir_t:s0
      
      maybe related to semanage.conf usepasswd param? see man
      semanage.conf:

      
                    usepasswd

                           Whether  or not to enable the use getpwent()
      to obtain a list of home directories to label. It can be set to
      either "true" or "false".  By default it is set to "true".

      
      but my centos7 installation has set usepasswd=False in
      semanage.conf.

      
      Or is 

      /var/www/hosts/ak-chalupova.cz
      a symlink to somewhere? 

      
      realpath /var/www/hosts/ak-chalupova.cz
      

      - Thomas

      
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx