Bug 117685 - symlink in /home is not handled correctly?
symlink in /home is not handled correctly?
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: SELinux
Depends On:
  Show dependency treegraph
Reported: 2004-03-06 22:51 EST by Aleksey Nogin
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-07-22 11:33:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Aleksey Nogin 2004-03-06 22:51:10 EST
On my machine I have a symlink /home/nogin -> aleksey (this is useful
because my home dir on work machines is /home/nogin and the symlink
makes it easier to copy configs around).

For some reason the setfiles does not realize that /home/nogin is in
/home! It says:

% /usr/sbin/setfiles -d /etc/security/selinux/file_contexts /home/nogin
/usr/sbin/setfiles:  read 1224 specifications
/usr/sbin/setfiles:  labeling files under /home/nogin
/usr/sbin/setfiles:  /home/nogin matched by (/.*,system_u:object_r:file_t)
/usr/sbin/setfiles:  hash table stats: 1 elements, 1/65536 buckets
used, longest chain length 1
/usr/sbin/setfiles:  Done.

And then I see 

avc:  denied  { read } for  pid=2145
exe=/usr/lib/mozilla-1.7a/mozilla-bin name=nogin dev=hda2 ino=3777728
tcontext=system_u:object_r:file_t tclass=lnk_file

(Mozilla's prefs.js is useng /home/nogin instead of /home/aleksey to
make it easier to copy setiings between work and home).

I currently have policycoreutils-1.6-4 policy-1.7-8
Comment 1 Daniel Walsh 2004-03-18 00:10:53 EST
Tryout policy-1.9-1  
Comment 2 Aleksey Nogin 2004-03-20 16:01:40 EST

audit(1079814849.738:0): avc:  denied  { read } for  pid=2237
exe=/usr/lib/mozilla-1.6/mozilla-bin name=nogin dev=hda2 ino=3777728
tcontext=system_u:object_r:default_t tclass=lnk_file

Note You need to log in before you can comment on or make changes to this bug.