Bug 426614

Summary: permissions for ~nx/.ssh=/var/lib/nxserver/.ssh
Product: [Fedora] Fedora Reporter: Need Real Name <bugzilla>
Component: selinux-policy-targetedAssignee: Josef Kubin <jkubin>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 8   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-05 22:17:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2007-12-23 00:08:47 UTC 
Description of problem:
/var/lib/nxsserver is the home directory for user 'nx' (created automatically by
the freenx rpm).

I am wondering whether /var/lib/nxerver/.ssh (which is a critical directory for
nx to work) should then have security context system_u:object_r:user_home_ssh_t
(or whatever the new unconfined version is). The current selinux context is
system_u:object_r:var_lib_t
Comment 1 Need Real Name 2008-01-15 19:17:20 UTC 
Any insight into whether this should be corrected?
Comment 2 Josef Kubin 2008-01-15 19:36:23 UTC 
I know that it is really annoying to you constantly report bugs for nxserver.
But I didn't have sufficient permissions to commit my patch for update. Feel
free to use my packages which fixes your particular problem.
http://people.redhat.com/jkubin/selinux/F8/
Update will be publicly available as selinux-policy-3.0.8-77 .

Thank you for understanding.
Comment 3 Need Real Name 2008-01-15 19:58:45 UTC 
Any insight into whether this should be corrected?
Comment 4 Need Real Name 2008-01-15 20:01:53 UTC 
Josef don't worry I'm NOT at all annoyed -- I truly appreciate all the work you
and the entire Redhat team does. I was merely asking because it seemed like you
had fixed it but it was not appearing in either updates or testing -- so I
wanted to make sure that this was not an inadvertent oversight or that I was
doing something wrong.

So again, THANKS SO MUCH for the responsiveness and I am perfectly happy despite
the occasional frustration we all experience while living on the cutting edge :)
Comment 5 Daniel Walsh 2008-03-05 22:17:09 UTC 
Bugs have been in modified for over one month.  Closing as fixed in current
release please reopen if the problem still persists.