Description of problem:
When using the default policy installed on Fedora 9, SELinux is blocking access for sshd to write (and other actions) in /home, which is needed for pam_mkhomedir to be able to create a user's home directory on login.

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-51.fc9
selinux-policy-targeted-3.3.1-51.fc9

How reproducible:
Always

Steps to Reproduce:
1. Enable pam_mkhomedir by adding, e.g., the following to system-auth-ac:
   session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
2. Have a valid user (without a home directory) log in via ssh.

Actual results:
SELinux blocks sshd access to write in /home, which is needed for the home directory to be created and populated with default files.

Expected results:
Home directory should be created and populated with files from /etc/skel.

Additional info:
Going through AVC denial messages, I was able to create the following policy, which allows pam_mkhomedir to work properly via ssh:

module local 1.0;

require {
        type home_root_t;
        type sshd_t;
        class dir { write create add_name setattr };
        class file { write create setattr };
}

#============= sshd_t ==============
allow sshd_t home_root_t:dir { write create add_name setattr };
allow sshd_t home_root_t:file { write create setattr };
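How AVC denials map to rules like the ones in the report above, as an added example that is not part of the original bug report or the selinux-policy project: a minimal audit2allow-style pass over constructed audit log lines. The sample log lines, the function names and the values in them are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed AVC denials for illustration; not taken from the bug report.
_AVC = ('type=AVC msg=audit(1213000000.{n}:{n}): avc:  denied  {{ {perms} }} for  '
        'pid=2345 comm="sshd" name="{name}" dev=dm-0 ino={n} '
        'scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
        'tcontext=system_u:object_r:home_root_t:s0 tclass={cls}')
SAMPLE_LOG = "\n".join(
    [_AVC.format(n=i, perms=p, name=nm, cls=c) for i, (p, nm, c) in enumerate([
        ("write add_name", "home", "dir"), ("create", "alice", "dir"),
        ("setattr", "alice", "dir"), ("create", ".bashrc", "file"),
        ("write", ".bashrc", "file"), ("setattr", ".bashrc", "file"),
        ("write", "home", "dir"),  # repeat denial, must not duplicate a permission
    ], start=100)]
    + ['type=USER_LOGIN msg=audit(1213000000.200:200): pid=2345 uid=0 res=success'])

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?scontext=(?P<scon>\S+)"
                    r"\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<cls>\w+)")

def selinux_type(context):
    """Contexts are user:role:type[:mls]; the MLS part may itself contain colons."""
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["cls"])
            denials[key].update(m["perms"].split())
    return dict(denials)

def render_module(denials, name="local", version="1.0"):
    """Emit policy module source (.te) covering exactly the observed denials."""
    types = sorted({t for src, tgt, _ in denials for t in (src, tgt)})
    by_class = defaultdict(set)
    for (_, _, cls), perms in denials.items():
        by_class[cls] |= perms
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(by_class.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(denials.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_module(collect_denials(SAMPLE_LOG)))
```

Rules generated this way apply to every object labelled home_root_t, not only to the directory of the user who is logging in.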
Can you try to use oddjob-mkhomedir.i386? This should work better with SELinux.
Came across a bug with oddjob, but now with the latest oddjob and selinux-policy-3.3.1-61.fc9, home directory creation is working. Thanks!
Use oddjob-mkhomedir.i386