Bug 150466 - /var gets labeled as home_root_t if someuser has his home under /var
Status: CLOSED DUPLICATE of bug 149114
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Reported: 2005-03-07 08:47 EST by JuanJo Ciarlante
Modified: 2007-11-30 17:11 EST

Doc Type: Bug Fix
Last Closed: 2006-02-21 14:08:15 EST
Description JuanJo Ciarlante 2005-03-07 08:47:39 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6)
Gecko/20050302 Firefox/1.0.1 Fedora/1.0.1-1.3.2

Description of problem:

It started with these AVCs (squid not working):
  avc:  denied  { search } for pid=5837 exe=/usr/sbin/squid 
  name=/ dev=sda9 ino=2
  tcontext=system_u:object_r:home_root_t tclass=dir

(/dev/sda9 mounted on /var )
Digging a bit, found /var labeled as home_root_t:
  bash# ls -dZ /var
  drwxr-xr-x  root     root     system_u:object_r:home_root_t    /var

... but it should be var_t.

Then in file_contexts I found:
  /var            -d      system_u:object_r:home_root_t

... which gets written by genhomedircon because I have someuser's
home under /var  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. useradd -d /var/foo foo
2. make -C /etc/selinux/targeted/src/policy reload
3. restorecon -v /var
4. ls -dZ /var

Actual Results:
  drwxr-xr-x  root     root     system_u:object_r:home_root_t    /var

Expected Results:
  drwxr-xr-x  root     root     system_u:object_r:var_t          /var

Additional info:

This simple patch to Makefile does the workaround:
--- Makefile.dist       2005-03-02 10:38:53.000000000 -0300
+++ Makefile    2005-03-07 10:36:27.034301024 -0300
@@ -175,3 +175,3 @@
        @grep -v "^/root" $@.tmp > $@.root
-       @/usr/sbin/genhomedircon . $@.root  | egrep -v " > $@
+       @/usr/sbin/genhomedircon . $@.root  | egrep -v \
            "^/var.*system_u:object_r:home_root_t" > $@
        @grep "^/root" $@.tmp >> $@
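Review bot: The pattern on the added lines, "^/var.*system_u:object_r:home_root_t", is hardcoded to /var and matches on a prefix, so it removes every home_root_t entry whose path merely starts with /var (a deliberate home root such as /var/home would lose its label, and so would a path like /variable), while a home placed directly under any other top-level directory would presumably still get that directory labeled home_root_t. As a stopgap, anchor the filter to the exact path, for example "^/var[[:space:]]", and add a comment in the Makefile saying why the line is filtered; the lasting fix belongs in how genhomedircon picks the parent directory, not in a post-filter on its output.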

, but there may be a wider problem with genhomedircon logic.
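A check for the symptom described in this report, added here as an example (it is not part of the original bug or of the policy sources): it scans a file_contexts file for literal entries that label a system directory as home_root_t. The SYSTEM_DIRS list, the function name and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag file_contexts entries that label a system directory
# as home_root_t, the symptom shown in this report for /var.

# Assumption: illustrative list of directories that must never be a home
# root; it is not taken from the policy sources.
SYSTEM_DIRS="/ /bin /boot /dev /etc /lib /opt /proc /sbin /sys /tmp /usr /var"

# find_bad_home_roots FILE
# Prints "path<TAB>context" for each offending entry and returns 1 if any
# was found, 0 otherwise. Only literal paths are compared; regex entries
# such as "/var(/.*)?" are not expanded.
find_bad_home_roots() {
    awk -v dirs="$SYSTEM_DIRS" '
        BEGIN { n = split(dirs, d, " "); for (i = 1; i <= n; i++) sys[d[i]] = 1 }
        /^[ \t]*#/ || NF < 2 { next }        # skip comments and blank lines
        {
            path = $1; ctx = $NF             # the context is the last field
            sub(/\/+$/, "", path)            # normalise "/var/" to "/var"
            if (path == "") path = "/"
            if ((path in sys) && ctx ~ /:home_root_t(:|$)/) {
                printf "%s\t%s\n", path, ctx
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the first line mirrors the entry quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/var            -d      system_u:object_r:home_root_t
/home           -d      system_u:object_r:home_root_t
/var(/.*)?              system_u:object_r:var_t
EOF
find_bad_home_roots "$sample" || echo "system directory labeled home_root_t"
rm -f "$sample"
```

Run against the generated file_contexts after a policy rebuild and before restorecon, so a bad entry is caught before it relabels the directory.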
Comment 1 Daniel Walsh 2005-03-10 15:46:53 EST

*** This bug has been marked as a duplicate of 149114 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:08:15 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
