Bug 123856
| Summary: | user home directory not lablelled correctly with selinux install | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> | ||||
| Component: | libuser | Assignee: | Miloslav Trmač <mitr> | ||||
| Status: | CLOSED WORKSFORME | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 2 | CC: | dwalsh, sdsmall | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i686 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2004-10-06 20:56:57 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 100423 [details]
log file created by fixfiles restore
I experienced the same result for fresh installs of FC2 on several machines. Neither root nor a non-root user created by firstboot were able to login via gdm; I had to do a console login and run fixfiles restore. I attached the log file from one of those runs above. I think that libuser should be responsible for the labelling the home directory correctly, not the code in firstboot. Changing component to libuser. useradd and libuser label the home directories exactly the same way (they do nothing special). Logging in works for me in FC3t2, for users * added by useradd * added by luseradd * added by firstboot (using useradd) * added by commented-out firsboot code (using libuser) |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510 Description of problem: The home directory for a user account created by first boot was not SELinux labelled correctly. This prevented logging in (got message that home directory did not exist) with selinux set to enforcing. Some details: /home -> system_u:object_r:home_root_t /home/tbl -> same (system_u:object_r:home_root_t) /home/tbl/* -> same /home/tbl should have been labelled system_u:object_r:user_home_dir_t and the files /home/tbl/* should have been labelled user_u:object_r:user_home_t, etc. In this installation, /home is a mount point (/home->/dev/hdb2). All partitions are of type ext3. Version-Release number of selected component (if applicable): firstboot-1.3.14-1 How reproducible: Always Steps to Reproduce: 1. install with selinux option set at install/boot prompt 2. (create partition for /home) (not sure this is important) 3. in firstboot, create user, eg. 'tbl' 4. on login prompt, login as user. Actual Results: I got the following error popup: Your home directory is listed as: '/home/tbl' but it does not appear to exist. Do you want to log in with the / (root) directory as your home directory? It is unlikely anything will work unless you use a failsafe session. Additional info: opting to use / as home directory fails miserably (as expected, I guess)