Bug 371851 - SELinux prevents GDM/login reading files on NFS home directory
Summary: SELinux prevents GDM/login reading files on NFS home directory
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 8
Hardware: x86_64 Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-08 21:23 UTC by Darryl Bond
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-10 13:05:52 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Darryl Bond 2007-11-08 21:23:17 UTC
Description of problem:
User with an NFS home directory cannot log in. The /var/log/messages entry is:
Nov  8 13:29:08 bashful setroubleshoot: #012    SELinux prevented /bin/login
from reading files stored on a NFS filesytem.#012     For complete SELinux
messages. run sealert -l 37fb36c4-f245-4680-a0f3-714404c6c12c

and

Nov  8 13:43:48 bashful setroubleshoot: #012    SELinux prevented
/usr/sbin/gdm-binary from reading files stored on a NFS filesytem.#012     For
complete SELinux messages. run sealert -l 971f3e4f-8a21-4593-8316-85a54de75e16



Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.0.8-44.fc8

How reproducible:
Fails every time

Steps to Reproduce:
1.User home directory on NFS filesystem mounted by autofs
2.User attempts to log in
3.GDM says that the user home directory is not accessable, login fails

Comment 1 Daniel Walsh 2007-11-08 21:49:19 UTC
Is the boolean use_nfs_home_dirs turned on?

setsebool -P use_nfs_home_dirs=1


Comment 2 Darryl Bond 2007-11-08 22:29:02 UTC
No, it wasn't. It is now and user login works fine.
This is the first Fedora that it has been off by default?

Comment 3 Daniel Walsh 2007-11-10 13:05:52 UTC
Well actually gdm/xsession was always unconfined in the past,  I have turned on
the boolean by default in 

selinux-policy-targeted-3.0.8-51.fc8


Note You need to log in before you can comment on or make changes to this bug.