Home Dir labels (manifested as a failed Flash install)
Sean Earp
seanfedora at gmail.com
Thu Apr 28 02:14:16 UTC 2005
Ivan Gyurdiev wrote:
>>-rw-r--r-- smearp smearp user_u:object_r:user_home_t flashplayer.xpt
>>-rwxr-xr-x smearp smearp user_u:object_r:texrel_shlib_t
>>
>>
>
>This is correct, but it's not done automatically, because /home is
>entirely skipped when changing the contexts after a policy upgrade.
>
>Personally, I think this is a major problem, but Daniel Walsh points out
>that (1) automatic restorecon on /home presents a security risk of
>mislabeled files ( like gpg keys and such in the wrong place), and (2)
>automatic restorecon on /home might take a very long time.
>
>I think if we are to introduce more fine-grained labeling of "$HOME" in
>the future (which we should), this problem needs to be solved somehow.
>
>
>
This is now bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=151870
The problem is apparently the fact that RPM does not support the latest
version of matchpathcon, which allows for local customizations of
homdircontext... (and as such, the incorrect security context is being
set up for the /home directory during the initial OS load) Hopefully
this can be fixed in time for the FC4 release!
-Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/test/attachments/20050427/cb76e09d/attachment.html
More information about the test
mailing list