Re: Home Dir labels (manifested as a failed Flash install)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ivan Gyurdiev wrote: 
-rw-r--r--  smearp   smearp   user_u:object_r:user_home_t      flashplayer.xpt
-rwxr-xr-x  smearp   smearp   user_u:object_r:texrel_shlib_t    
    

This is correct, but it's not done automatically, because /home is
entirely skipped when changing the contexts after a policy upgrade.

Personally, I think this is a major problem, but Daniel Walsh points out
that (1) automatic restorecon on /home presents a security risk of
mislabeled files ( like gpg keys and such in the wrong place), and (2)
automatic restorecon on /home might take a very long time. 

I think if we are to introduce more fine-grained labeling of "$HOME" in
the future (which we should), this problem needs to be solved somehow.
This is now bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=151870

The problem is apparently the fact that RPM does not support the latest version of matchpathcon, which allows for local customizations of homdircontext... (and as such, the incorrect security context  is being set up for the /home directory during the initial OS load) Hopefully this can be fixed in time for the FC4 release!

-Sean
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]