Re: [PATCH] Revert "libsemanage/genhomedircon: check usepasswd"

On Fri, Dec 18, 2020 at 1:56 PM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
>
> This reverts commit ce46daab7cc90a6b9cd3bff9f99cf40ff19c3d9a.
>
> The behavior described in the reverted commit is correct. `useradd -Z`
> creates new mapping between new created user and *unconfined_u*,
> `genhomedircon` then uses this new mapping, not /etc/passwd entries, for
> generating new homedir contexts.

I confirm this behavior. On Fedora 33 (with git master of the
userspace libraries and "usepasswd=False" in
/etc/selinux/semanage.conf):

# useradd -Z unconfined_u -d /tmp test
# matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0

# semanage login -l
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
test                 unconfined_u         s0-s0:c0.c1023       *

# semanage login -d test
# matchpathcon /tmp
/tmp system_u:object_r:tmp_t:s0

Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>

I applied the commit (as it was sent quite some time ago). Thanks!
Nicolas

>
> Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
> ---
>  libsemanage/src/genhomedircon.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index 18d3d99a1254..d08c88de99a7 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
>                         s->fallback->home = NULL;
>                 }
>         }
> -       if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
> +       if (user_context_tpl || username_context_tpl) {
>                 if (write_username_context(s, out, username_context_tpl,
>                                            s->fallback) != STATUS_SUCCESS) {
>                         retval = STATUS_ERR;
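
Review bot: the rewritten `if (user_context_tpl || username_context_tpl)` line drops the `s->usepasswd` test with no comment saying why, and this same condition has already been changed once and is now being changed back. A short comment above the `if` would help, stating that write_username_context() is meant to run even with usepasswd=False because login mappings (for example the one `useradd -Z` creates) drive the generated homedir contexts rather than /etc/passwd entries. That would keep the check from being reintroduced a second time. The commit message could also name the usepasswd=False configuration explicitly, since that is the case whose behavior changes here.
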
> --
> 2.29.2
>



