Bug 161221 - /usr/local is already defined in /etc/selinux/targeted/contexts/files/file_contexts
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Russell Coker
Reported: 2005-06-21 11:00 EDT by Ralf Corsepius
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-12-12 23:57:14 EST
Description Ralf Corsepius 2005-06-21 11:00:11 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-1.3.1

Description of problem:
# apt-get install selinux-policy-targeted
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
   selinux-policy-targeted (1.23.18-12)
0 upgraded, 1 newly installed, 0 removed and 0 not upgraded.
Need to get 0B/742kB of archives.
After unpacking 5326kB of additional disk space will be used.
Checking GPG signatures...  ########################################### [100%]
Committing changes...
Preparing...                ########################################### [100%]
   1:selinux-policy-targeted########################################### [100%]
/usr/local is already defined in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.
Done.


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.18-12

How reproducible:
Always

Steps to Reproduce:
Install selinux-policy-targeted-1.23.18-12 on a fresh FC4 install.


Actual Results:  See above.

Expected Results:  No warning, no error, just function.

Additional info:
Comment 1 Daniel Walsh 2005-06-23 07:28:05 EDT
This happens because you have users in /usr/local.  genhomedircon has identified
/usr/local as a "HOME ROOT", but it finds it already defined so it does not
redefine its file context.  Not sure it is a great idea to have home dirs in
/usr/local.
Comment 2 Ralf Corsepius 2005-06-23 08:45:05 EDT
(In reply to comment #1)
> This happens because you have users in /usr/local. 
Well, I have the home of one local account set to /usr/local/share/<somewhere>.

> genhomedircon has identified 
> /usr/local as a "HOME ROOT", but it finds it already defined so it does not
> redefine its file context.
Right, removing this /usr/local/share/<somewhere> silences genhomedircon, but
note, it is /usr/local/share/<somewhere>, not to /usr/local.

> Not sure it is a great idea to have home dirs in /usr/local.
C.f. http://www.pathname.com/fhs/pub/fhs-2.3.html#USRLOCALLOCALHIERARCHY
I can't spot anything prohibiting setting the home of local applications to
somewhere below /usr/local.

Also, remember, according to traditional common practice, /usr/local is
completely out of a vendor's (*your*) responsibility, while the FHS seems to be
wanting to apply rules corresponding to /usr.

This would mean, in my case, the actual question wrt. the FHS is: 
Is setting the homedir to /usr/share/<somewhere> allowed or not, and how should
selinux deal with it?
I for one don't see why this should be prohibited.

Anyway, the warning being issued by genhomedircon does not match my particular
case and is little helpful.
Comment 3 Ralf Corsepius 2005-06-23 09:17:29 EDT
(In reply to comment #2)
> (In reply to comment #1)
> > This happens because you have users in /usr/local. 
> Well, I have the home of one local account set to /usr/local/share/<somewhere>.
Correction, I have /usr/local/<somewhere>

Using /usr/local/share/<somewhere> produces:
/usr/local/share is already defined in
/etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.

Using /usr/share/<somewhere> produces:
/usr/share is already defined in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.
Comment 4 Daniel Walsh 2005-12-12 23:57:14 EST
This means that it will not redefine the top directory to home_root_t, which it
usually does when it discovers a new home dir.  Everything will probably work
correctly.  In a strict policy machine this could cause a problem.
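
An added example, not part of the bug report and not genhomedircon's own code: a check for which accounts would trigger this message. It assumes, following the three cases in comment 3, that the home root is the parent directory of the account's home, and it matches file_contexts entries in a simplified way; the passwd and file_contexts samples are constructed.

```python
import posixpath
# Constructed sample inputs, not taken from the reporter's system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
appsvc:x:501:501::/usr/local/appsvc:/bin/bash
docs:x:502:502::/usr/share/docs-home:/bin/bash
"""
SAMPLE_FILE_CONTEXTS = """\
# <path regex> [file type] <context>   (constructed excerpt)
/usr/local(/.*)?\tsystem_u:object_r:usr_t
/usr/share(/.*)?\tsystem_u:object_r:usr_t
/usr/local/bin(/.*)?\tsystem_u:object_r:bin_t
"""

def home_roots(passwd_text):
    """Map each candidate home root (parent of a home dir) to its accounts."""
    roots = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[5].startswith("/"):
            continue  # malformed entry or non-absolute home
        root = posixpath.dirname(posixpath.normpath(fields[5]))
        if root == "/":
            continue  # assumption: homes directly under / are not reported
        roots.setdefault(root, []).append(fields[0])
    return roots

def defined_paths(file_contexts_text):
    """Directories with an entry; assumes '/dir(/.*)?' and '/dir' both define '/dir'."""
    paths = set()
    for line in file_contexts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0]
        if spec.endswith("(/.*)?"):
            spec = spec[: -len("(/.*)?")]
        paths.add(spec)
    return paths

def conflicting_roots(passwd_text, file_contexts_text):
    """Home roots that already have a context, with the accounts behind them."""
    defined = defined_paths(file_contexts_text)
    return {r: u for r, u in home_roots(passwd_text).items() if r in defined}

if __name__ == "__main__":
    for root, users in sorted(conflicting_roots(SAMPLE_PASSWD, SAMPLE_FILE_CONTEXTS).items()):
        print(f"{root} is already defined (home of: {', '.join(users)})")
```

On a real system the inputs would be /etc/passwd and /etc/selinux/targeted/contexts/files/file_contexts; each directory reported is one that keeps its existing label instead of being set to home_root_t.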