OK, I just did a fresh everything install with today's development snapshot and it is looking good. I let things default to enforcing and was able to login.
However ... I then added a couple of other userids. Before doing that with system-config-users, I edited to /etc/security/selinux/src/users file to define one of these as an "admin" user.
Oops, I cannot login because it cannot find the home directory (because it has incompatible attributes). OK, so I login as root (role=sysadm_r) and run "fixfiles relabel". Then I logout but now gdm cannot come up! OK, go to a VT and login as root ... run "make reload" and "make relabel" and then reboot.
While s-c-u should handle the application of proper attributes (it needs to be selinux aware and supporting), I should not need to keep running relabel.
One of the other things I noticed is that after installation the partitions lost-found directory did not have any attributes ... after running relabel it did. Shouldn't this be handled by the installer? I wonder what happens if you format a new partition?
Gene
Gene Czarcinski wrote:
OK, I just did a fresh everything install with today's development snapshot and it is looking good. I let things default to enforcing and was able to login.
However ... I then added a couple of other userids. Before doing that with system-config-users, I edited to /etc/security/selinux/src/users file to define one of these as an "admin" user.
Oops, I cannot login because it cannot find the home directory (because it has incompatible attributes). OK, so I login as root (role=sysadm_r) and run "fixfiles relabel". Then I logout but now gdm cannot come up! OK, go to a VT and login as root ... run "make reload" and "make relabel" and then reboot.
While s-c-u should handle the application of proper attributes (it needs to be selinux aware and supporting), I should not need to keep running relabel.
Yes, s-c-u needs to be more SELinux aware. Currently user management needs to be worked on before final release.
One of the other things I noticed is that after installation the partitions lost-found directory did not have any attributes ... after running relabel it did. Shouldn't this be handled by the installer? I wonder what happens if you format a new partition?
Gene
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On 27.03.2004 10:34, Daniel J Walsh wrote:
While s-c-u should handle the application of proper attributes (it needs to be selinux aware and supporting), I should not need to keep running relabel.
Yes, s-c-u needs to be more SELinux aware. Currently user management needs to be worked on before final release.
See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118571
On Saturday 27 March 2004 20:00, Aleksey Nogin wrote:
On 27.03.2004 10:34, Daniel J Walsh wrote:
While s-c-u should handle the application of proper attributes (it needs to be selinux aware and supporting), I should not need to keep running relabel.
Yes, s-c-u needs to be more SELinux aware. Currently user management needs to be worked on before final release.
See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118571
Yes, there a two or three (mine, yours, ?) related bugzilla reports which look at this from different perspectives. Regardless, something needs to be done for FC2 final or it is going to be very confusing for the user.
Gene
selinux@lists.fedoraproject.org