Bug 139433 - SELinux FAQ - results of id -Z for root incorrect for targeted policy
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora Documentation
Classification: Retired
Component: selinux-faq
Version: devel
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Karsten Wade
QA Contact: Tammy Fox
URL: http://fedora.redhat.com/docs/selinux...
Whiteboard:
Duplicates: 142182
Depends On:
Blocks: 118757
Reported: 2004-11-15 22:36 UTC by Karsten Wade
Modified: 2007-04-18 17:15 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-12-31 18:00:51 UTC
Embargoed:



Description Karsten Wade 2004-11-15 22:36:12 UTC
Description of change/FAQ addition.  If a change, include the original
text first, then the changed text:

Under the targeted policy, the context of the root account is
different than in the examples in the FAQ.  If the examples should
reflect the more common targeted policy, these should be changed.

URLs:

http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id3522132
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id3523386

 id -Z
 root:sysadm_r:sysadm_t

becomes

 id -Z
 root:system_r:unconfined_t

Version-Release of FAQ (found on
http://fedora.redhat.com/docs/selinux-faq-fc3/ln-legalnotice.html),
for example:

  selinux-faq-1.3-4 (2004-11-09-T16:20-0800)

Comment 1 Karsten Wade 2004-12-20 21:53:29 UTC
*** Bug 142182 has been marked as a duplicate of this bug. ***

Comment 2 Karsten Wade 2004-12-31 18:00:51 UTC
Added in 1.3-5, coming live Real Soon Now (TM).

## The Q/A

Q:  How can I create a new Linux user account with the user's home directory
having the proper context?

A:  You can create your new user with the standard useradd command, but first
you must become root with a context of sysadm_r. This context switch has been
incorporated into the su command and occurs automatically:

 su - root
 id -Z
 root:system_r:unconfined_t
 useradd auser
 ls -Z /home
 drwx------  auser   auser   root:object_r:user_home_dir_t /home/auser

The initial context for a new user directory has an identity of root. Subsequent
relabeling of the file system will change the identity to system_u. These are
functionally the same since the role and type are identical
(object_r:user_home_dir_t.) 

## 30 ##
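
The comparison the answer describes (same role and type, different identity), as an added example that is not part of the bug report or the FAQ: shell functions that split a context into fields, compare two contexts while ignoring the identity, and scan `ls -Z` lines in the layout shown above for home directories whose type is not user_home_dir_t. The function names, the sample lines, and the handling of an optional fourth level field (which the three-field contexts on this page do not have) are assumptions.

```shell
#!/bin/sh
# Added example (not from the FAQ): field-wise handling of SELinux contexts.

# ctx_field CONTEXT N -> prints field N (1=user 2=role 3=type 4=level).
# Only the first three ':' separate fields, because a level/range such as
# s0-s0:c0.c1023 contains ':' itself. Returns 1 if CONTEXT has < 3 fields.
ctx_field() {
    case $1 in *:*:*) ;; *) return 1 ;; esac
    _rest=$1
    _user=${_rest%%:*}; _rest=${_rest#*:}
    _role=${_rest%%:*}; _rest=${_rest#*:}
    _type=${_rest%%:*}
    case $_rest in *:*) _level=${_rest#*:} ;; *) _level= ;; esac
    case $2 in
        1) printf '%s\n' "$_user" ;;
        2) printf '%s\n' "$_role" ;;
        3) printf '%s\n' "$_type" ;;
        4) printf '%s\n' "$_level" ;;
        *) return 1 ;;
    esac
}

# same_role_type A B -> 0 if role and type match (identity ignored),
# 1 if they differ, 2 if either context is malformed.
same_role_type() {
    _a=$(ctx_field "$1" 2):$(ctx_field "$1" 3) || return 2
    _b=$(ctx_field "$2" 2):$(ctx_field "$2" 3) || return 2
    [ "$_a" = "$_b" ]
}

# mislabeled_homes: reads `ls -Z /home` lines in the layout shown in the FAQ
# answer (mode owner group context path) on stdin and prints each path
# whose type is not user_home_dir_t.
mislabeled_homes() {
    while read -r _mode _owner _group _ctx _path; do
        [ -n "$_path" ] || continue
        _t=$(ctx_field "$_ctx" 3) || _t=
        [ "$_t" = user_home_dir_t ] || printf '%s\n' "$_path"
    done
}

# Constructed sample input, not captured from a real system.
SAMPLE='drwx------  auser  auser  root:object_r:user_home_dir_t /home/auser
drwx------  buser  buser  system_u:object_r:user_home_dir_t /home/buser
drwx------  cuser  cuser  root:object_r:default_t /home/cuser'

printf '%s\n' "$SAMPLE" | mislabeled_homes
```
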

