In the stable branch, genhomedircon will ignore making home dir contexts for Linux users mapped to user_u. For a long time, this was fine since user_u was the default for strict and targeted. With a merged strict-targeted policy, a more targeted-like system will have unconfined_u as the default. If you then try to make a confined user_u user, a set of home directory contexts will not be created. This patch fixes the behavior. I made a cursory look through the trunk C genhomedircon, and did not see this behavior, but someone should probably double-check.

Index: policycoreutils/scripts/genhomedircon =================================================================== --- policycoreutils/scripts/genhomedircon (revision 2890) +++ policycoreutils/scripts/genhomedircon (working copy) @@ -193,7 +193,7 @@ return prefix def adduser(self, udict, user, seuser, prefix): - if seuser == "user_u" or user == "__default__" or user == "system_u": + if user == "__default__" or user == "system_u": return # !!! chooses first prefix in the list to use in the file context !!! try:

--
Chris PeBenito <pebenito@xxxxxxxxxx>
Developer, Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
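Review bot: In the adduser guard, removing the `seuser == "user_u"` test outright means logins mapped to user_u now get their own home directory entries on every policy, including those where user_u is still the default, which is the case the description says the old test was written for. Consider skipping only when seuser matches the SELinux user that `__default__` maps to, or confirm that the generated output on a user_u-default system contains no duplicate entries. A short comment on the remaining `user == "__default__" or user == "system_u"` condition saying why those two are skipped would also help, since the reasoning for the user_u case is otherwise recorded only in this mail.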