Problems creating a directory in /usr

Miroslav Grepl mgrepl at redhat.com
Fri Feb 8 11:58:44 UTC 2013


On 02/08/2013 12:53 PM, Dominick Grift wrote:
> On Fri, 2013-02-08 at 10:55 +0000, Clive Hills wrote:
>
>> which I find confusing as it makes no reference to the /usr/realman or
>> for that matter /usr directories.
>>
>>
>> Please advise what I need to do to have it writeable by this
>> application (which is closed source to which I have no access).
>>
>>
>> Many thanks
>> Clive
>>
> In this case, if I really wanted this app, I would just let useradd
> create that dir once (e.g. run the app in permissive mode the first time
> so that it can create the dir: (setenforce 0; "run the app"; setenforce
> 1))
>
> Basically this should not be allowed for useradd_t in policy. The /usr
> directory is not for user home directories. A more appropriate location
> would probably be /var/lib/realman.
>
> But once the directory is there then SELinux should probably no longer
> have a problem, at least until you remove the app (then userdel will
> probably be trying to remove it and be denied).
>
> Actually this is something to consider for the SELinux devs in the
> future: I do not see a need to run useradd with a domain transition. It
> only causes issues like these for unconfined users.
Dominick,
do you run without this transition on your system? Basically we want to 
move some transitions in F19 from unconfined_t.


