On 11/2/20 3:45 PM, Vit Mojzis wrote:
> Hello everyone,
> when investigating a bug report [1], I found that homedir context definitions
> (specified in .fc file) are changed based on the corresponding user (selinux
> user, role and mls level from the context definition are replaced - [2]).
> While replacing the selinux user and role makes sense, I'm wondering if the mls
> level from each homedir context definition should instead be compared to
> corresponding user's mls range (and either kept or replaced to ensure given user
> has access to it).
> I have no problem with writing the patch, but I could use help understanding
> what the correct behaviour should be (and why).
> Any pointers would be appreciated.

I think the behavior should be that it replaces the level with the default level
of the user (from the user policy statement) and that possibly should be
overridden by the bottom level of whatever range is specified for that login
user (from the seusers file).
--
Chris PeBenito