Bug 123856 - user home directory not labelled correctly with selinux install
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: libuser
Version: 2
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Miloslav Trmač
Reported: 2004-05-20 19:45 EDT by Tom London
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-10-06 16:56:57 EDT
Attachments:
log file created by fixfiles restore (10.20 KB, text/plain)
2004-05-21 12:23 EDT, Stephen Smalley
Description Tom London 2004-05-20 19:45:46 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
The home directory for a user account created by first boot was not
SELinux labelled correctly. This prevented logging in (got message
that home directory did not exist) with selinux set to enforcing.

Some details:
    /home -> system_u:object_r:home_root_t
    /home/tbl -> same (system_u:object_r:home_root_t)
    /home/tbl/* -> same

/home/tbl should have been labelled system_u:object_r:user_home_dir_t
and the files /home/tbl/* should have been labelled
user_u:object_r:user_home_t, etc.

In this installation, /home is a mount point (/home->/dev/hdb2).  All
partitions are of type ext3.



Version-Release number of selected component (if applicable):
firstboot-1.3.14-1

How reproducible:
Always

Steps to Reproduce:
1. install with selinux option set at install/boot prompt
2. (create partition for /home) (not sure this is important)
3. in firstboot, create user, eg. 'tbl'
4. on login prompt, login as user.
    

Actual Results:  I got the following error popup:
     Your home directory is listed as:
          '/home/tbl'
     but it does not appear to exist. Do you want to log in with the 
     / (root) directory as your home directory?

     It is unlikely anything will work unless you use a failsafe
     session.

Additional info:

Opting to use / as home directory fails miserably (as expected, I guess).
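
The label expectations listed in the description above, written as a check over a path/context listing. This is an added example, not part of the original report or of any Fedora tool; `check_home_labels` and `sample_listing` are hypothetical names and the sample listing is constructed from the labels the report quotes.

```shell
#!/bin/sh
# Flag SELinux label mismatches under /home.
# Input on stdin: one "<path> <context>" pair per line, the format printed by
#   find /home -maxdepth 2 -exec stat -c '%n %C' {} +
# Expected types are the ones named in the bug description.

check_home_labels() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line% *}          # everything before the last space
        ctx=${line##* }          # contexts contain no spaces
        rest=${ctx#*:}           # drop the SELinux user
        rest=${rest#*:}          # drop the role
        type=${rest%%:*}         # keep the type, drop any MLS level

        case "$path" in
            /home)      want=home_root_t ;;
            /home/*/*)  # Below a home directory several types are valid, but
                        # home_root_t means the tree was never relabelled.
                [ "$type" = home_root_t ] || continue
                want=user_home_t ;;
            /home/*)    want=user_home_dir_t ;;
            *)          continue ;;
        esac

        [ "$type" = "$want" ] ||
            printf 'MISLABELLED %s: have %s, want %s\n' "$path" "$type" "$want"
    done
}

# Constructed sample: 'tbl' reproduces the reported state, 'ok' is correct.
sample_listing() {
    cat <<'EOF'
/home system_u:object_r:home_root_t
/home/tbl system_u:object_r:home_root_t
/home/tbl/.bash_profile system_u:object_r:home_root_t
/home/ok system_u:object_r:user_home_dir_t
/home/ok/notes file.txt user_u:object_r:user_home_t
/etc/passwd system_u:object_r:etc_t
EOF
}

sample_listing | check_home_labels
```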
Comment 1 Stephen Smalley 2004-05-21 12:23:07 EDT
Created attachment 100423
log file created by fixfiles restore
Comment 2 Stephen Smalley 2004-05-21 12:25:51 EDT
I experienced the same result for fresh installs of FC2 on several
machines.  Neither root nor a non-root user created by firstboot
were able to login via gdm; I had to do a console login and run fixfiles
restore.  I attached the log file from one of those runs above.
Comment 3 Brent Fox 2004-06-22 13:18:56 EDT
I think that libuser should be responsible for labelling the home
directory correctly, not the code in firstboot.  Changing component to
libuser.
Comment 4 Miloslav Trmač 2004-10-06 16:56:57 EDT
useradd and libuser label the home directories exactly the same way
(they do nothing special). Logging in works for me in FC3t2, for users
* added by useradd
* added by luseradd
* added by firstboot (using useradd)
* added by commented-out firstboot code (using libuser)
