<snip>
suddenly change labels. I could not disagree more.
The argument here is whether or not /root is a "homedirectory". I don't
agree that it is; at least it is not the same as /home/dwalsh.
They are different and the tools should treat them differently.
Allowing a domain to interact with /root is different than allowing it
to interact with /home/dwalsh. Allowing random users to accidentally
change this is in my mind a security risk.
I want genhomedircon to handle the case when a user puts his home
directories in /home/devel/ and /export/home. So I need genhomedircon.
But I intend to write policy that relies on the /root directory having a
fixed file context.
Ok, the tools should be policy agnostic IMO, and this patch hard codes a
behavior that is policy specific.
I'm not going to merge this patch but if/when you or someone sends one that
addresses the issue in a flexible way I'll be more open to that.
My suggestion is to make an excluded paths variable in semanage.conf that allows
downstream users to exclude the paths they care about (alternatively an included
paths list might be more appropriate, but I'd have to think that through).