Bug 433429

Summary: genhomedircon creates duplicate entries
Product: Red Hat Enterprise Linux 5
Reporter: Christian Jung <cbolz>
Component: policycoreutils
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA
QA Contact: Ben Levenson <benl>
Severity: low
Priority: low
Version: 5.1
CC: dwalsh, mkoci, pgraner, syeghiay
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-01-20 22:00:31 UTC

Description Christian Jung 2008-02-19 08:55:35 UTC
Description of problem:
genhomedircon creates entries in
/etc/selinux/targeted/contexts/files/file_contexts.homedirs to set up SELinux
labels for /home, /root,...

If one user has $HOME set to /usr/local/$USER, genhomedircon also adds entries for
/usr/local. This is conflicting with existing entries in file_contexts.

Users see warning messages about duplicate entries:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
always

Steps to Reproduce:
1. create a new user with $HOME in /usr/local:
useradd -d /usr/local/test test
2. execute genhomedircon to update file_contexts.homedirs
genhomedircon
3. log in to localhost with ssh:
ssh localhost
(this is only an example, other commands also throw warning messages)

Actual results:
warning messages (see above)

Expected results:
no warning message

Additional info:
genhomedircon should not create entries for directories which are already
included in file_contexts.

Comment 1 Daniel Walsh 2008-02-19 15:32:49 UTC
Too late to put this into U2. Should be fixed in U3. For now, don't do that.
Homedirs should not be in /usr/local. If you have a service with a homedir in
/usr/local, it should have a shell of /sbin/nologin or /bin/false, and/or have
a UID < 500.
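
An audit for the condition reported above, as an added example that is not part of the bug report or of policycoreutils: it lists login accounts whose home directory sits outside /home, using the shell and UID criteria from Comment 1, and finds path specifications that appear in both file_contexts and file_contexts.homedirs. All sample data and the helper names are constructed assumptions, and only the path regex column is compared.

```python
# Constructed sample data (assumption), not taken from a real system.
PASSWD = r"""
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
test:x:501:501::/usr/local/test:/bin/bash
svc:x:502:502::/usr/local/svc:/sbin/nologin
olddaemon:x:101:101::/usr/local/olddaemon:/bin/bash
"""
FILE_CONTEXTS = r"""
/usr/local/lost\+found/.*   <<none>>
/usr/local/\.journal        <<none>>
/usr/local/lost\+found      system_u:object_r:lost_found_t:s0
/usr/local/bin(/.*)?        system_u:object_r:bin_t:s0
"""
HOMEDIRS = r"""
/usr/local/[^/]*/.+         system_u:object_r:user_home_t:s0
/usr/local/lost\+found/.*   <<none>>
/usr/local/\.journal        <<none>>
/usr/local/lost\+found      system_u:object_r:lost_found_t:s0
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}  # shells named in Comment 1
MIN_UID = 500                                      # UID threshold named in Comment 1

def extra_home_roots(passwd_text, default_root="/home"):
    """Map each non-default home parent directory to the login users living in it."""
    roots = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():
            continue  # blank or malformed passwd line
        if int(f[2]) < MIN_UID or f[6] in NOLOGIN_SHELLS:
            continue  # treated as a service account per Comment 1
        parent = f[5].rstrip("/").rsplit("/", 1)[0] or "/"
        if parent != default_root:
            roots.setdefault(parent, []).append(f[0])
    return roots

def specs(text):
    """Path regexes (first column) of a file_contexts-style file."""
    rows = (l.split() for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {r[0] for r in rows if r}

def duplicate_specs(base_text, homedirs_text):
    """Specifications present in both files, i.e. the source of the warning."""
    return sorted(specs(base_text) & specs(homedirs_text))

if __name__ == "__main__":
    print("extra home roots:", extra_home_roots(PASSWD))
    print("duplicate specs:", duplicate_specs(FILE_CONTEXTS, HOMEDIRS))
```

On a real host the three inputs would be the contents of /etc/passwd and of the two files under /etc/selinux/targeted/contexts/files/ named in the description.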



Comment 2 RHEL Program Management 2008-06-04 22:46:31 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Daniel Walsh 2008-09-17 20:01:34 UTC
Fixed in policycoreutils-1.33.12-14.1.el5

Comment 8 Daniel Walsh 2008-11-04 20:32:16 UTC
Fixed in policycoreutils-1.33.12-14.2.el5

Comment 13 errata-xmlrpc 2009-01-20 22:00:31 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0206.html