On Sat, Apr 23, 2016 at 8:04 AM, Jason Zaman <jason@xxxxxxxxxxxxx> wrote:
Version 2 of the genhomedircon patches. These fix a few issues
that Nicolas Iooss found.
Changes from v1:
- Changed the fallback for the username to "[^/]+" instead of
"[^/]*" or ".*"
- Made args const in write_replacements()
- Combined the %{USERNAME} and %{USERID} replacements into one
method so they both get called together. This means that
fcontexts like "%{USERNAME}-%{USERID}" become eg "root-0"
as expected.
- I left the gid param in the struct for now. genhomedircon
does not generate things for eg "%wheel" which I will look
into later.
Hello,
I have read these patches and tested them on my system. They seem to work fine: I added some corner-case file context patterns to my policy (mixing USER, %{USERNAME}, %{USERID}, ROLE and system_u) and checked the content of /etc/selinux/.../contexts/files/file_contexts.homedirs, the result of "matchpathcon" (on existing and non-existing paths) and the behavior of systemd-logind (which labels correctly the files). This set of patches looks good to me.
Thanks,
Nicolas
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
