There are a bunch of files and directories in my F10 home dirs that have type unconfined_u:object_r:user_home_t, but matchpathcon says they are supposed to be system_u:object_r:user_home_t. I tried to run restorecon but it isn't changing the type:
[root@l 9:06:49 /home/install]#matchpathcon /home/install/Templates
/home/install/Templates system_u:object_r:user_home_t:s0
[root@l 9:06:51 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/
[root@l 9:06:56 /home/install]#restorecon -R Templates
[root@l 9:07:07 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/

[root@l 9:07:10 /home/install]#su - install
[install@l ~]$ restorecon -R .
[install@l ~]$ restorecon -R Templates/
[install@l ~]$ logout
[root@l 9:08:23 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/
Why does this happen?
restorecon doesn't change the user part of a context unless you use -F.
Paul.
On Fri, 2008-11-21 at 09:11 -0500, Chuck Anderson wrote:
There are a bunch of files and directories in my F10 home dirs that have type unconfined_u:object_r:user_home_t, but matchpathcon says they are supposed to be system_u:object_r:user_home_t. I tried to run restorecon but it isn't changing the type:
[root@l 9:06:49 /home/install]#matchpathcon /home/install/Templates
/home/install/Templates system_u:object_r:user_home_t:s0
[root@l 9:06:51 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/
[root@l 9:06:56 /home/install]#restorecon -R Templates
[root@l 9:07:07 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/

[root@l 9:07:10 /home/install]#su - install
[install@l ~]$ restorecon -R .
[install@l ~]$ restorecon -R Templates/
[install@l ~]$ logout
[root@l 9:08:23 /home/install]#ls -lZd Templates
drwxr-xr-x install install unconfined_u:object_r:user_home_t:s0 Templates/
Why does this happen?
The type is correct; only the user is wrong. restorecon ignores differences in the user by default. restorecon -F if you truly care.
Thanks for the clarification. I'm sure I got tripped up by this before...
I was getting lots of SELinux alerts related to /home/<user>/.{gconf,ssh,...} dotfiles.
These were probably related to nsplugin_t, which requires the homedir to be labeled correctly. You can use restorecond to help you manage this.
User component of selinux context is pretty much ignored in targeted policy.
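The distinction the replies above draw (a label that differs only in its user field is left alone by plain restorecon, and -F is needed to reset it) can be checked per path before relabeling. The script below is an added example, not part of the thread: its function names are hypothetical, and it assumes the contexts are passed in as strings such as the second column of matchpathcon output and the context column of ls -Zd.

```shell
#!/bin/sh
# Added example (not from the thread): report which fields of an SELinux
# context differ from the expected label, and whether plain restorecon or
# restorecon -F is needed. Function names are hypothetical.

# Split "user:role:type[:range]" into c_user, c_role, c_type, c_range.
# The range keeps any further colons (for example s0:c0.c1023).
split_ctx() {
    rest=$1
    c_user=${rest%%:*}; rest=${rest#*:}
    c_role=${rest%%:*}; rest=${rest#*:}
    c_type=${rest%%:*}
    case $rest in
        *:*) c_range=${rest#*:} ;;
        *)   c_range= ;;
    esac
}

# label_diff EXPECTED ACTUAL: print the names of the fields that differ.
label_diff() {
    split_ctx "$1"
    e_user=$c_user; e_role=$c_role; e_type=$c_type; e_range=$c_range
    split_ctx "$2"
    out=
    [ "$e_user" = "$c_user" ]   || out="$out user"
    [ "$e_role" = "$c_role" ]   || out="$out role"
    [ "$e_type" = "$c_type" ]   || out="$out type"
    [ "$e_range" = "$c_range" ] || out="$out range"
    echo "${out# }"
}

# relabel_advice EXPECTED ACTUAL: print match, restorecon, or restorecon -F.
# Only a type-only mismatch is fully fixed without -F; anything involving
# user, role or range needs -F to be brought in line.
relabel_advice() {
    d=$(label_diff "$1" "$2")
    case $d in
        "")   echo "match" ;;
        type) echo "restorecon" ;;
        *)    echo "restorecon -F" ;;
    esac
}

# Values copied from the session in the thread.
expected='system_u:object_r:user_home_t:s0'
actual='unconfined_u:object_r:user_home_t:s0'
echo "differs in: $(label_diff "$expected" "$actual")"
echo "fix with:   $(relabel_advice "$expected" "$actual")"
```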
selinux@lists.fedoraproject.org