On Jan 5, 2011, at 2:30 AM, Russell Coker wrote:

> The attached patch makes the
> /etc/selinux/default/contexts/files/file_contexts.homedirs generation process
> include the MCS/MLS level.
>
> This means that if you have a user with a MCS/MLS level that isn't SystemLow
> then their home directory will be labeled such that they can have read/write
> access to it by default.
>
> Unless anyone has any better ideas for how to solve this problem I will upload
> this to Debian shortly.
>
> What do the MLS users do in this situation? Just relabel home directories
> manually?

We don't have any users that are single level > SystemLow. I do think that is a legitimate use case. We currently symlink most dot files into a polyinstantiated directory to allow terminal windows and preferences to work at multiple levels. You could polyinstantiate the home directory and not worry about the specific level.

joe

> Finally it seems that when you run "semanage user -m" the
> file_contexts.homedirs doesn't get updated, it's only when you run
> "semanage login -m" that it takes effect.
>
> --
> russell@xxxxxxxxxxxx
> http://etbe.coker.com.au/ My Main Blog
> http://doc.coker.com.au/ My Documents Blog
> <diff>
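
A simplified model of the labeling change discussed in this thread, added here as an example; it is not the attached patch and not libsemanage code. The template lines, the user records and the function names are constructed assumptions.

```python
"""Simplified model of file_contexts.homedirs generation (illustration only)."""

# Constructed template lines in the style of a home directory template file.
TEMPLATE = """\
HOME_DIR    -d    system_u:object_r:user_home_dir_t:s0
HOME_DIR/.+       system_u:object_r:user_home_t:s0
"""

# Constructed login records: (login, home directory, MCS/MLS level of the user).
USERS = [
    ("alice", "/home/alice", "s0"),
    ("bob", "/home/bob", "s2:c0.c3"),
]


def set_level(context, level):
    """Replace the level field of user:role:type:level (the level may contain ':')."""
    user, role, setype, _old_level = context.split(":", 3)
    return ":".join((user, role, setype, level))


def homedir_entries(template, users, use_user_level=True):
    """Expand every template line once per user, optionally with the user's level."""
    lines = []
    for _login, home, level in users:
        for raw in template.splitlines():
            fields = raw.split()
            if not fields or fields[0].startswith("#"):
                continue  # skip blank lines and comments
            context = fields[-1]
            if use_user_level:
                context = set_level(context, level)
            path = fields[0].replace("HOME_DIR", home)
            lines.append("\t".join([path] + fields[1:-1] + [context]))
    return lines


if __name__ == "__main__":
    print("# level fixed at s0 for every user")
    print("\n".join(homedir_entries(TEMPLATE, USERS, use_user_level=False)))
    print("# level taken from each user's record")
    print("\n".join(homedir_entries(TEMPLATE, USERS)))
```

With the level fixed at s0, the entries for bob label his home directory below the level he works at; with the per-user level, the generated entries carry s2:c0.c3.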