From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Description of problem:
The latest update to selinux-policy-targeted changed the type specified for /var/log from var_log_t to home_root_t. These changes occured in /etc/selinux/targeted/src/policy/file_contexts/file_contexts.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Upgrade to selinux-policy-targeted-1.17.30-2.88
2. Run restorecon -R /var/log
Actual Results: The type of /var/log was set to home_root_t.
Expected Results: The type of /var/log should have been var_log_t.
This doesn't seem to be a problem for the policies set forth in the selinux-policy-targeted package, however it was an issue as we use a custom policy to govern snort.
I just pushed the update to another box, with a nearly identical configuration.
The odd thing here is that this issue did not arise on this second system. The
changes in question were nowhere to be found, and the labeling on /var/log
remained as it should. Yet, on the first machine, this was not an issue until
the upgrade. I'm not sure what's going on here...
Do you have a entry in /etc/passwd with an homedir in /var/log?
One, the 'snort' user has a homedir at '/var/log/snort' -- however this user
exists on both systems, and the sole difference between the two is the uid.
If the snort UID is > 500 and has a shell of something other than /sbin/nologin
or /bin/false This could happen. Change the UID or the shell and reload
policy, should clear it up.
Ahh, that makes a lot sense!
Thanks for the help, and sorry about bugging you with something so silly.