Bug 371851 - SELinux prevents GDM/login reading files on NFS home directory
SELinux prevents GDM/login reading files on NFS home directory
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-08 16:23 EST by Darryl Bond
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-10 08:05:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Darryl Bond 2007-11-08 16:23:17 EST
Description of problem:
User with an NFS home directory cannot log in. The /var/log/messages entry is:
Nov  8 13:29:08 bashful setroubleshoot: #012    SELinux prevented /bin/login
from reading files stored on a NFS filesytem.#012     For complete SELinux
messages. run sealert -l 37fb36c4-f245-4680-a0f3-714404c6c12c

and

Nov  8 13:43:48 bashful setroubleshoot: #012    SELinux prevented
/usr/sbin/gdm-binary from reading files stored on a NFS filesytem.#012     For
complete SELinux messages. run sealert -l 971f3e4f-8a21-4593-8316-85a54de75e16



Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.0.8-44.fc8

How reproducible:
Fails every time

Steps to Reproduce:
1.User home directory on NFS filesystem mounted by autofs
2.User attempts to log in
3.GDM says that the user home directory is not accessable, login fails
Comment 1 Daniel Walsh 2007-11-08 16:49:19 EST
Is the boolean use_nfs_home_dirs turned on?

setsebool -P use_nfs_home_dirs=1
Comment 2 Darryl Bond 2007-11-08 17:29:02 EST
No, it wasn't. It is now and user login works fine.
This is the first Fedora that it has been off by default?
Comment 3 Daniel Walsh 2007-11-10 08:05:52 EST
Well actually gdm/xsession was always unconfined in the past,  I have turned on
the boolean by default in 

selinux-policy-targeted-3.0.8-51.fc8

Note You need to log in before you can comment on or make changes to this bug.