On 07/20/2010 08:08 AM, Vadym Chepkov wrote:
On Jul 19, 2010, at 9:32 AM, Daniel J Walsh wrote:
> On 07/16/2010 12:56 PM, Vadym Chepkov wrote:
>> Hi,
>>
>> Whenever I try to modify a policy I get a warning like this:
>>
>> /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
>>
>> And this is true, I did create a system account with home in /var/lib/application.
>> But, I need this account to have a real shell. How can I make SELinux happy?
>>
>> Thank you,
>> Vadym Chepkov
>
> Can you set the UID < 500?
>
> Which OS is causing this?
>
> In F12 and F13 you can add
>
>
> usepasswd=FALSE
>
> to /etc/selinux/semanage.conf
>
> Which will tell genhomedircon to stop looking in /etc/passwd for homedirs.

It's RHEL5, so, no such option in semanage.conf.

I have 2 userids defined this way:

app:x:610:610:App subsystem:/var/lib/application:/bin/bash
appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash

SELinux is only unhappy about the first one.
I will try to change the id, but it's strange that it only affects one out of two.

Thanks,
Vadym

genhomedircon is looking for a conflict of the labeling of the parent
directory.

For app it wants to label /var/lib as home_root_t, but it sees a
conflict in that /var/lib has a label in the file_context file of
var_lib_t. So it complains.

For /var/lib/application/ftproot it looks for /var/lib/application in
the file_context file, and does not find the line, so it can label
/var/lib/application as home_root_t and it is successful. I think in
neither case you want those labels.

genhomedircon identifies "Real Users" as any user with a UID > 0 and a
shell in /etc/shells and not the shell /bin/false or /sbin/nologin.
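
Added example (not part of the original thread and not genhomedircon's own code): a Python sketch of the check described in the last reply, run over the two passwd entries quoted in the thread. The function names, the min_uid parameter, the svc account, and the exact-path lookup that stands in for file_contexts regex matching are assumptions made for illustration.

```python
import posixpath

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin"}

def parse_passwd(text):
    """Yield (name, uid, home, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[5], fields[6]

def is_real_user(uid, shell, shells, min_uid=1):
    """'Real user' rule from the reply: UID > 0, shell listed in /etc/shells,
    and shell not /bin/false or /sbin/nologin. min_uid is an assumed knob
    modelling the 'set the UID < 500' suggestion."""
    return uid >= min_uid and shell in shells and shell not in NOLOGIN_SHELLS

def check_home_roots(passwd_text, shells, labeled_paths, min_uid=1):
    """Map each real user to (parent_dir, verdict).

    verdict is 'home_root_t' when the parent of the home directory has no
    entry of its own, or 'conflict:<type>' when it already has one.
    labeled_paths is a simplified stand-in for file_contexts: exact paths
    only, no regex matching (assumption)."""
    result = {}
    for name, uid, home, shell in parse_passwd(passwd_text):
        if not is_real_user(uid, shell, shells, min_uid):
            continue  # treated as a system account, no home_root_t labeling
        parent = posixpath.dirname(home.rstrip("/")) or "/"
        if parent in labeled_paths:
            result[name] = (parent, "conflict:" + labeled_paths[parent])
        else:
            result[name] = (parent, "home_root_t")
    return result

# The first two entries are from the thread; 'svc' is constructed.
PASSWD = """\
app:x:610:610:App subsystem:/var/lib/application:/bin/bash
appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash
svc:x:612:612:Constructed account:/var/lib/svc:/sbin/nologin
"""
SHELLS = {"/bin/sh", "/bin/bash", "/sbin/nologin"}  # constructed /etc/shells
LABELED = {"/var/lib": "var_lib_t"}                 # constructed file_contexts view

if __name__ == "__main__":
    for user, (parent, verdict) in check_home_roots(PASSWD, SHELLS, LABELED).items():
        print(f"{user}: parent {parent} -> {verdict}")
```

Only app reports a conflict, because its parent /var/lib already carries var_lib_t, while appftp's parent /var/lib/application has no entry of its own.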