Bug 123856 - user home directory not labelled correctly with selinux install
Product: Fedora
Classification: Fedora
Component: libuser
Version: 2
Hardware: i686
OS: Linux
Assignee: Miloslav Trmač
Reported: 2004-05-20 23:45 UTC by Tom London
Modified: 2007-11-30 22:10 UTC

Doc Type: Bug Fix
Last Closed: 2004-10-06 20:56:57 UTC

Attachments
log file created by fixfiles restore (10.20 KB, text/plain)
2004-05-21 16:23 UTC, Stephen Smalley

Description Tom London 2004-05-20 23:45:46 UTC

Description of problem:
The home directory for a user account created by first boot was not
SELinux labelled correctly. This prevented logging in (got message
that home directory did not exist) with selinux set to enforcing.

Some details:
    /home -> system_u:object_r:home_root_t
    /home/tbl -> same (system_u:object_r:home_root_t)
    /home/tbl/* -> same

/home/tbl should have been labelled system_u:object_r:user_home_dir_t
and the files /home/tbl/* should have been labelled
user_u:object_r:user_home_t, etc.

In this installation, /home is a mount point (/home->/dev/hdb2).  All
partitions are of type ext3.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install with selinux option set at install/boot prompt
2. (create partition for /home) (not sure this is important)
3. in firstboot, create user, e.g. 'tbl'
4. on login prompt, login as user.

Actual Results:  I got the following error popup:
     Your home directory is listed as:
     but it does not appear to exist. Do you want to log in with the 
     / (root) directory as your home directory?

     It is unlikely anything will work unless you use a failsafe

Additional info:

opting to use / as home directory fails miserably (as expected, I guess)
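
Added example, not part of the original report or of libuser: a shell check for the mislabelling described above. It reads `stat -c '%C %n'` output and flags /home, or any directory directly under it, whose type differs from the types the reporter lists (home_root_t and user_home_dir_t). The function names and the sample listing are constructed for illustration; lost+found is skipped on the assumption that an ext3 mount point such as this /home contains one.

```shell
#!/bin/sh
# Input (stdin): one "<context> <path>" pair per line, as printed by
#   stat -c '%C %n' /home /home/*
# Output: one MISLABELLED line per path whose type is not the expected one.
# Exit status: 0 when every checked label matches, 1 otherwise.

check_home_labels() {
    awk '
    {
        ctx = $1
        path = $0
        sub(/^[^ ]+ +/, "", path)          # keep paths that contain spaces
        n = split(ctx, f, ":")             # user:role:type[:level]
        type = (n >= 3) ? f[3] : "(none)"
        depth = split(path, p, "/")        # "/home/tbl" -> "", "home", "tbl"
        if (path == "/home")
            want = "home_root_t"
        else if (depth == 3 && p[2] == "home" && p[3] != "" && p[3] != "lost+found")
            want = "user_home_dir_t"
        else
            next                           # deeper paths and lost+found: not checked
        if (type != want) {
            printf "MISLABELLED %s has %s, expected %s\n", path, type, want
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample mirroring the labels in the report: /home/tbl carries
# the same type as /home. The file name and the lost+found line are made up.
sample_listing() {
    cat <<'EOF'
system_u:object_r:home_root_t /home
system_u:object_r:home_root_t /home/tbl
system_u:object_r:home_root_t /home/tbl/.bash_profile
system_u:object_r:lost_found_t /home/lost+found
EOF
}

# Try it offline:  sample_listing | check_home_labels
# On a live system: stat -c '%C %n' /home /home/* | check_home_labels
```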

Comment 1 Stephen Smalley 2004-05-21 16:23:07 UTC
Created attachment 100423
log file created by fixfiles restore

Comment 2 Stephen Smalley 2004-05-21 16:25:51 UTC
I experienced the same result for fresh installs of FC2 on several
machines.  Neither root nor a non-root user created by firstboot
were able to login via gdm; I had to do a console login and run fixfiles
restore.  I attached the log file from one of those runs above.

Comment 3 Brent Fox 2004-06-22 17:18:56 UTC
I think that libuser should be responsible for labelling the home
directory correctly, not the code in firstboot.  Changing component to

Comment 4 Miloslav Trmač 2004-10-06 20:56:57 UTC
useradd and libuser label the home directories exactly the same way
(they do nothing special). Logging in works for me in FC3t2, for
* added by useradd
* added by luseradd
* added by firstboot (using useradd)
* added by commented-out firstboot code (using libuser)
