Daniel J Walsh wrote:
I reported a similar problem on 19/02/2011 with a mail "recently-used.xbel wrong context". I hadn't managed to narrow it down to files created by initrc_t processes.

On 01/23/2012 11:19 AM, Dominick Grift wrote:
> On Mon, 2012-01-23 at 15:57 +0000, Moray Henderson wrote:
>> Hi
>>
>> On CentOS 5.6, I have just noticed that if a process running
>> under context initrc_t creates a file or directory within a
>> user's home directory, that object gets user_home_dir_t.
>>
>> If an unconfined_t process does the same thing, they correctly
>> get user_home_t.
>>
>> Was this a bug or a feature?
>>
>> selinux-policy-2.4.6-300.el5_6.1
>> selinux-policy-targeted-2.4.6-300.el5_6.1
>>
>>
>> Moray.
>> "To err is human; to purr, feline."
>
> I guess that depends on how you look at it but compared to recent
> Fedora policy I guess you could consider this to be a bug.
>
> This is supported in Fedora 16:
>
> # sesearch --allow -s initrc_t -t user_home_dir_t -T | grep user_home_t
> type_transition initrc_t user_home_dir_t : file user_home_t;
> type_transition initrc_t user_home_dir_t : dir user_home_t;
> type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
> type_transition initrc_t user_home_dir_t : sock_file user_home_t;
> type_transition initrc_t user_home_dir_t : fifo_file user_home_t;
>>
>>
>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes I would say it is a bug, since the goal of initrc_t is to work properly as an unconfined domain. Therefore it should create content in the user's homedir with as close to the "right" context as possible. Not sure what process you have running as initrc_t that is creating content in the user's homedir. user_home_dir_t should only be the label of the top level directory of a user's homedir.
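An added example, not part of the original thread: a small Python model of how the type of a newly created object is chosen, using the Fedora 16 sesearch output quoted above. The function names are hypothetical, and the CentOS 5.6 policy is modelled as an empty rule set, which is an assumption based only on the behaviour reported in the thread.

```python
import re

# sesearch output quoted in the thread for Fedora 16.
FEDORA16_RULES = """\
type_transition initrc_t user_home_dir_t : file user_home_t;
type_transition initrc_t user_home_dir_t : dir user_home_t;
type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
type_transition initrc_t user_home_dir_t : sock_file user_home_t;
type_transition initrc_t user_home_dir_t : fifo_file user_home_t;
"""

# Assumption: no matching rules on CentOS 5.6, consistent with the report.
CENTOS56_RULES = ""

RULE_RE = re.compile(
    r"^\s*type_transition\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\S+?);\s*$")


def parse_type_transitions(text):
    """Return {(source_type, parent_type, object_class): new_type}."""
    rules = {}
    for line in text.splitlines():
        match = RULE_RE.match(line)
        if match:
            source, parent, cls, new_type = match.groups()
            rules[(source, parent, cls)] = new_type
    return rules


def label_for_new_object(rules, source, parent_type, cls):
    """Type of an object of class cls created by source in a directory
    labeled parent_type. Without a matching type_transition rule the new
    object inherits the type of its parent directory."""
    return rules.get((source, parent_type, cls), parent_type)


def mislabeled_classes(rules, source, parent_type, expected, classes):
    """Object classes that would not end up with the expected type."""
    return [c for c in classes
            if label_for_new_object(rules, source, parent_type, c) != expected]


if __name__ == "__main__":
    classes = ["file", "dir", "lnk_file", "sock_file", "fifo_file"]
    for name, text in (("Fedora 16", FEDORA16_RULES),
                       ("CentOS 5.6 (assumed)", CENTOS56_RULES)):
        bad = mislabeled_classes(parse_type_transitions(text), "initrc_t",
                                 "user_home_dir_t", "user_home_t", classes)
        print(name, "classes left as user_home_dir_t:", bad)
```

On a live system the rule text would come from the same sesearch command shown in the thread rather than from the embedded strings.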