Bug 758207

Summary: selinux blocks access to separate home partition after installation
Product: [Fedora] Fedora
Reporter: Filip Skola <fskola>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: amarecek, andrea.cimatoribus, dominick.grift, dwalsh, mgrepl
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-12-13 20:11:41 UTC
Attachments: audit.log from first denial to the end

Description Filip Skola 2011-11-29 14:45:02 UTC
I installed a clean F16 system on disk with standalone home. I used manual partitioning since I didn't want to lose my data. After installation I changed ownership of /home/user properly.

The issue is that selinux doesn't recognize /home partition as a home partition and prevents the system from using it properly. E.g. when I was trying to log in to KDE, it printed out an error saying that logging failed when using home=/.

I suppose that this is caused by misconfigured selinux-policy which is not precisely a bug, but I'd expect some option to relabel existing files when installing Fedora. I've tried to run restorecon manually, but it didn't help at all.

I'd also like to add, that this applies also to newly created users, with home dir copied from skel. After umounting /home and creating new user, login was possible. Interesting is also that F14 system was present on the computer before F16. But I didn't do an upgrade, but reinstall.


Version-Release number of selected component (if applicable): Fedora 16 installed from multiboot live DVD (KDE was running; x86_64)


How reproducible: I think always under the described circumstances, but I didn't test it


Steps to Reproduce: above
  

Actual results: Users can't log in after install


Expected results: logging into the newly installed system


Additional info: above

Comment 1 Miroslav Grepl 2011-11-29 15:07:51 UTC
I would like to see some AVC msgs related to this issue from permissive mode.

Comment 2 Filip Skola 2011-12-09 16:36:30 UTC
Created attachment 544624
audit.log from first denial to the end

Comment 3 Daniel Walsh 2011-12-13 20:11:41 UTC
setsebool -P use_nfs_home_dirs 1

You seem to have /home mounted on NFS?

Comment 4 Filip Skola 2012-01-30 12:13:20 UTC
(In reply to comment #3)
> setsebool -P use_nfs_home_dirs 1
> 
> You seem to have /home mounted on NFS?

No, /home is local partition on that system.

Comment 5 Daniel Walsh 2012-01-30 21:13:28 UTC
Your AVC's show xdm_t (kdm) trying to write to a directory, 
bragoslav, which is labeled nfs_t?
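
The reading of the AVC records described in comment 5 (source type, target label, class and permission per denial) can be scripted; this is an added example, not part of the original thread. The log lines are constructed, and only xdm_t, nfs_t and the directory name come from the comments.

```shell
#!/bin/sh
# Constructed sample records (not the attached audit.log).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1323448590.101:71): avc:  denied  { write } for  pid=1502 comm="kdm" name="bragoslav" dev=sda3 ino=131073 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1323448592.310:74): avc:  denied  { write } for  pid=1502 comm="kdm" name="bragoslav" dev=sda3 ino=131073 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=USER_AUTH msg=audit(1323448593.000:75): pid=1502 uid=0 msg='op=PAM:authentication acct="bragoslav" res=success'
type=AVC msg=audit(1323448600.000:80): avc:  denied  { read open } for  pid=1600 comm="httpd" name="index.html" dev=sda2 ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count source_type target_type class perms object_name
avc_summary() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; s = ""; t = ""; cls = ""; name = "-"
        # Permission list sits between the braces: { write add_name }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            # The SELinux type is the third colon-separated field of a context.
            if ($i ~ /^scontext=/)      { split(substr($i, 10), a, ":"); s = a[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); t = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
        }
        print s, t, cls, perms, name
    }' | sort | uniq -c | sed 's/^ *//'
}

# Keep only denials whose target carries the given type (column 3).
avc_by_target_type() {
    avc_summary | awk -v t="$1" '$3 == t'
}

sample_log | avc_by_target_type nfs_t
```

On a live system the same functions take the real log on stdin, for example `avc_summary < /var/log/audit/audit.log`.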

Comment 6 Andrea 2014-04-09 08:42:16 UTC
This bug is still present installing Fedora 20 (64 bit, xfce spin). After installation it is not possible to login correctly using the old home partition from a previous install (with the partition on the same hard drive as /).
A simple work around is to execute
$ restorecon -R /home
after installation, but anaconda should do it automatically since a separate home partition is a common setup, also suggested in fedora documentation.

Comment 7 Daniel Walsh 2014-04-14 16:45:20 UTC
Andrea, this bug relates to NFS?  If you have a new bug, please open a new bugzilla.

Comment 8 Andrea 2014-04-15 08:43:45 UTC
Sorry, I missed the focus on NFS. I filed a new bug 1087736.