On Wed, 2009-10-21 at 15:52 +1100, Russell Coker wrote: > It seems impossible to have policy that allows useradd to always get the right > context for the new home directory. > > I am thinking of patching useradd such that if the -m option is given then it > will spawn the command "restorecon -R /home/$USER" - or alternately putting > in SE Linux code to match the context for each file or directory that is > copied from /etc/skel . > > What do you think? The useradd in shadow-utils is already modified to: a) To add the user to seusers via semanage if the -Z option is used to specify a SELinux user, and b) set the fscreate context based on matchpathcon() for the user home dir prior to creating the files there. So it should already do the right thing. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
