Hello everyone,
when investigating a bug report [1], I found that homedir context
definitions (specified in .fc file) are changed based on the
corresponding user (selinux user, role and mls level from the context
definition are replaced - [2]).
While replacing the selinux user and role makes sense, I'm wondering if
the mls level from each homedir context definition should instead be
compared to corresponding user's mls range (and either kept or replaced
to ensure given user has access to it).
I have no problem with writing the patch, but I could use help
understanding what the correct behaviour should be (and why).
Any pointers would be appreciated.
Thank you.
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1818472
[2] - https://github.com/SELinuxProject/selinux/blob/master/libsemanage/src/genhomedircon.c#L638
--
Vit Mojzis
Software Engineer, Platform Security - SELinux userspace
Red Hat, Inc.
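The two behaviours contrasted above, as an added illustration that is not part of the original message and not code from libsemanage/genhomedircon: a small Python model of a homedir context rewrite. `rewrite_replace_all` stands for the behaviour described in the message (SELinux user, role and MLS level of the .fc entry all replaced); `rewrite_check_range` stands for the alternative asked about (keep the .fc level when the user's MLS range covers it, otherwise substitute). The assumption that the substituted level is the user's default level, the example contexts, the user range and the simplified MLS dominance check (sensitivity order plus category subset) are all mine for the sake of the example, not facts about genhomedircon.

```python
import re

# Constructed sample inputs (not taken from any real .fc file or seusers entry).
FC_TEMPLATE_PLAIN = "system_u:object_r:user_home_t:s0"
FC_TEMPLATE_CATS = "system_u:object_r:user_home_t:s0:c3"
FC_TEMPLATE_HIGH = "system_u:object_r:user_home_t:s1:c3"
USER_SEUSER = "staff_u"
USER_ROLE = "staff_r"
USER_DEFAULT_LEVEL = "s0"            # assumed substitute level (low end of the range)
USER_RANGE = "s0-s0:c0.c1023"        # assumed MLS range for the user


def parse_level(level):
    """Parse 'sN' or 'sN:cA.cB,cC' into (sensitivity, frozenset of category numbers)."""
    m = re.fullmatch(r"s(\d+)(?::(.+))?", level)
    if not m:
        raise ValueError(f"bad MLS level: {level!r}")
    cats = set()
    if m.group(2):
        for part in m.group(2).split(","):
            if "." in part:                     # category run such as c0.c1023
                lo, hi = part.split(".")
                cats.update(range(int(lo[1:]), int(hi[1:]) + 1))
            else:                               # single category such as c3
                cats.add(int(part[1:]))
    return int(m.group(1)), frozenset(cats)


def dominates(a, b):
    """Simplified MLS dominance: a >= b iff sensitivity is not lower and categories are a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def parse_range(rng):
    """Split 'low-high' (or a single level, meaning low == high) into two parsed levels."""
    low, _, high = rng.partition("-")
    return parse_level(low), parse_level(high or low)


def level_in_range(level, rng):
    """True when low <= level <= high under the dominance relation above."""
    lvl = parse_level(level)
    low, high = parse_range(rng)
    return dominates(lvl, low) and dominates(high, lvl)


def split_context(ctx):
    """user:role:type:level, where the level itself may contain ':'."""
    user, role, type_, level = ctx.split(":", 3)
    return user, role, type_, level


def rewrite_replace_all(fc_context, seuser, role, default_level):
    """Behaviour described in the message: user, role and level are all replaced."""
    _, _, type_, _ = split_context(fc_context)
    return f"{seuser}:{role}:{type_}:{default_level}"


def rewrite_check_range(fc_context, seuser, role, default_level, user_range):
    """Alternative asked about: keep the .fc level if the user's range covers it, else substitute."""
    _, _, type_, level = split_context(fc_context)
    kept = level if level_in_range(level, user_range) else default_level
    return f"{seuser}:{role}:{type_}:{kept}"


if __name__ == "__main__":
    for fc in (FC_TEMPLATE_PLAIN, FC_TEMPLATE_CATS, FC_TEMPLATE_HIGH):
        print(fc)
        print("  replace all :", rewrite_replace_all(fc, USER_SEUSER, USER_ROLE, USER_DEFAULT_LEVEL))
        print("  check range :", rewrite_check_range(fc, USER_SEUSER, USER_ROLE,
                                                     USER_DEFAULT_LEVEL, USER_RANGE))
```

With these inputs the two rewrites agree for the plain `s0` entry, differ for `s0:c3` (kept by the range check because `s0-s0:c0.c1023` covers it, flattened to `s0` by the replace-all rewrite), and agree again for `s1:c3`, which lies outside the range and is substituted in both cases.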