Bug 139433 - SELinux FAQ - resultes of id -Z for root incorrect for targeted policy
SELinux FAQ - resultes of id -Z for root incorrect for targeted policy
Product: Fedora Documentation
Classification: Fedora
Component: selinux-faq (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karsten Wade
Tammy Fox
: 142182 (view as bug list)
Depends On:
Blocks: 118757
  Show dependency treegraph
Reported: 2004-11-15 17:36 EST by Karsten Wade
Modified: 2007-04-18 13:15 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-31 13:00:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karsten Wade 2004-11-15 17:36:12 EST
Description of change/FAQ addition.  If a change, include the original
text first, then the changed text:

Under the targeted policy, the context of the root account is
different than in the examples in the FAQ.  If the examples should
reflect the more common targeted policy, these should be changed.



 id -Z


 id -Z

Version-Release of FAQ (found on
for example:

  selinux-faq-1.3-4 (2004-11-09-T16:20-0800)
Comment 1 Karsten Wade 2004-12-20 16:53:29 EST
*** Bug 142182 has been marked as a duplicate of this bug. ***
Comment 2 Karsten Wade 2004-12-31 13:00:51 EST
Added in 1.3-5, coming live Real Soon Now (TM).

## The Q/A

Q:  How can I create a new Linux user account with the user's home directory
having the proper context?

A:  You can create your new user with the standard useradd command, but first
you must become root with a context of sysadm_r. This context switch has been
incorporated into the su command and occurs automatically:

su - root
id -Z
useradd auser
ls -Z /home
drwx------  auser   auser   root:object_r:user_home_dir_t /home/auser  

The initial context for a new user directory has an identity of root. Subsequent
relabeling of the file system will change the identity to system_u. These are
functionally the same since the role and type are identical

## 30 ##

Note You need to log in before you can comment on or make changes to this bug.