Description of problem:
pam_mkhomedir incorrectly labels user home created on the fly as home_root_t. Files that get copied in the process from /etc/skel such as .bash_profile are also labeled as home_root_t.

Version-Release number of selected component (if applicable):
selinux-2.2.34-3.fc5 (and also lower versions ?)

How reproducible:
always

Steps to Reproduce:
1. put pam_mkhomedir in /etc/pam.d/system-auth
2. open session as user with no home created
3. ls -Z

Actual results:
user home is labeled system_u:object_r:home_root_t
files copied from skel are also labeled system_u:object_r:home_root_t

Expected results:
user home should be labeled system_u:object_r:user_home_dir_t
files copied from skel should be labeled system_u:object_r:user_home_t

Additional info:
# session block in /etc/pam.d/system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
...

This is a problem with pam. The pam module would need to create the homedir with the correct context; the problem is that every application that calls pam would then need the privs to create the files/directories with the correct context. A better solution would be to use oddjob from fedora-extras. Try pam_oddjob_mkhomedir.so, which basically does the same type of thing and actually works.

yum install oddjob

This is impossible to fix with the current pam_mkhomedir module. Use oddjob as recommended by Dan Walsh.
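
An added example, not part of the original report or of pam/oddjob: a check that reads `ls -Z` style output and lists entries below /home still carrying home_root_t, together with the type the report expects. The function names, the sample listing and the /home layout are assumptions; paths containing spaces are not handled.

```shell
#!/bin/sh
# Audit `ls -Z` style text for the mislabeling described in this report.

# Constructed sample input (old-style `ls -Z` columns, not from a real host).
sample_listing() {
cat <<'EOF'
drwxr-xr-x  root  root  system_u:object_r:home_root_t      /home
drwxr-xr-x  alice alice system_u:object_r:home_root_t      /home/alice
-rw-r--r--  alice alice system_u:object_r:home_root_t      /home/alice/.bash_profile
drwx------  bob   bob   system_u:object_r:user_home_dir_t  /home/bob
-rw-r--r--  bob   bob   user_u:object_r:user_home_t        /home/bob/.bash_profile
EOF
}

# find_mislabeled: print "path actual expected" for every entry below /home
# whose SELinux type is home_root_t. /home itself is meant to be home_root_t.
find_mislabeled() {
    awk '
    {
        ctx = ""; path = $NF
        # The context is the field shaped user:role:type[:level].
        for (i = 1; i < NF; i++)
            if ($i ~ /^[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+/) ctx = $i
        if (ctx == "" || path !~ /^\/home\/./) next
        split(ctx, part, ":")
        if (part[3] != "home_root_t") next
        # "/home/alice" splits into "", "home", "alice": three segments
        # mean the home directory itself, more mean its contents.
        n = split(path, seg, "/")
        expected = (n == 3) ? "user_home_dir_t" : "user_home_t"
        print path, part[3], expected
    }'
}

# Stand-alone run against the constructed sample.
sample_listing | find_mislabeled
```

On a live host the same function can be fed the output of `ls -Zd /home/*`.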