<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>I am trying to figure out why a policy that was written on RHEL 6.0 doesn't work the same on RHEL 6.5.<br><br>I have a policy whose domain is vasd_t <BR> <BR>I am using the userdomain.if interface call which is supposed to give the domain access to create directories in the home dir root with the user home directory type.<BR> userdom_home_filetrans_user_home_dir(vasd_t)<br><BR>Which calls:<BR> files_home_filetrans($1, user_home_dir_t, dir)<BR>Which calls:<BR> filetrans_pattern($1, home_root_t, $2, $3)<BR> <BR>Which is defined as:<BR> allow $1 $2:dir rw_dir_perms;<br> type_transition $1 $2:$4 $3;<BR> <BR>I would expect this to allow me to create a new directory in /home which is of type home_root_t, but what I am seeing is that the new homedir is being created with the type of home_root_t and not user_home_dir_t as expected.<BR> <BR>I have also tried not calling the interface methods and defining it by hand as:<BR> <BR>allow vasd_t home_root_t:dir rw_dir_perms;<BR>type_transition vasd_t home_root_t:dir user_home_dir_t;<br><BR>I have also tried calling userdom_create_user_home_dirs(vasd_t)<BR> <BR>sesearch shows:<BR> <BR>$ sesearch -AC | grep 'allow vasd_t' | grep ': dir' | grep home_root_t<br> allow vasd_t home_root_t : dir { ioctl read write getattr lock add_name remove_name search open } ;<BR> <BR>The way the daemon works that is associated to the vasd_t domain is that it calls a script that does the actual creation of the homedir. I believe the problem lies in this fact that perhaps the script isn't being invoked in a way to give it proper creation rights.<BR> <BR>Like I said this use to work in RHEL 6.0 but now I cannot seem to get it to work in 6.5. Any help would be appreciated. I don't know what I am missing here.<BR> </div></body>
</html>