Problems creating a directory in /usr

Dominick Grift dominick.grift at gmail.com
Fri Feb 8 11:53:03 UTC 2013


On Fri, 2013-02-08 at 10:55 +0000, Clive Hills wrote:

> which I find confusing as it makes no reference to the /usr/realman or
> for that matter /usr directories.
> 
> 
> Please advise what I need to do to have it writeable by this
> application (which is closed source to which I have no access).
> 
> 
> Many thanks
> Clive
> 

In this case, if I really wanted this app, I would just let useradd
create that dir once (e.g. run the app in permissive mode the first time
so that it can create the dir: (setenforce 0; "run the app"; setenforce
1))

Basically this should not be allowed for useradd_t in policy. The /usr
directory is not for user home directories. A more appropriate location
would probably be /var/lib/realman.

But once the directory is there then SELinux should probably no longer
have a problem, at least until you remove the app (then userdel will
probably be trying to remove it and be denied).

Actually this is something to consider for the SELinux devs in the
future: I do not see a need to run useradd with a domain transition. It
only causes issues like these for unconfined users.
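
Added example (not part of the original message): a wrapper for the one-time permissive run described above that puts the system back in enforcing mode even when the application fails or is interrupted, and reports whether the directory was actually created. The function name, the directory argument and the command argument are assumptions; getenforce and setenforce are the standard SELinux utilities and need root.

```shell
#!/bin/sh
# Added example: run a command once with SELinux permissive, then restore.
# Usage (as root; both arguments are placeholders):
#   run_permissive_once /usr/realman ./the-app

# The body is a subshell so the EXIT trap and variables stay local to it.
run_permissive_once() (
    target_dir=$1
    shift

    # If the directory is already there, no permissive run is needed.
    if [ -d "$target_dir" ]; then
        echo "$target_dir already exists; leaving SELinux mode untouched" >&2
        exit 0
    fi

    prev_mode=$(getenforce) || exit 2

    # Only switch (and later restore) when the system was enforcing, so a
    # host that was already Permissive or Disabled is left as it was found.
    if [ "$prev_mode" = "Enforcing" ]; then
        trap 'setenforce 1' EXIT      # runs on normal exit and on failure
        trap 'exit 130' INT TERM      # route signals through the EXIT trap
        setenforce 0 || exit 2
    fi

    rc=0
    "$@" || rc=$?

    # Report a run that finished without creating the directory.
    if [ ! -d "$target_dir" ]; then
        echo "warning: $target_dir was not created" >&2
        [ "$rc" -ne 0 ] || rc=4
    fi
    exit "$rc"
)
```

The return status is the command's own status, 4 if the command succeeded but the directory is still missing, and 2 if the SELinux mode could not be read or changed.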

