451518 – Labels /etc and /usr as user_home_dir_t

Bug 451518 - Labels /etc and /usr as user_home_dir_t

Summary: Labels /etc and /usr as user_home_dir_t

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policycoreutils
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-06-15 09:21 UTC by Enrico Scholz
Modified:	2008-06-16 11:08 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-06-16 11:08:44 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Enrico Scholz 2008-06-15 09:21:51 UTC

Description of problem:

Please provide a way to 

a) disable the user_home_dir_t magic completely (homedirs on my
   machines are either NFS mounted, or there are no homedirs at
   all), or

b) filter-out certain accounts; the current heuristic (/sbin/nologin
   shell or uid < 500) does not suffice.

I have several system-accounts which require a regular shell (e.g. because
they start jobs through ~/.ssh/authorized_keys). Currently, these accounts
are handled like normal users and filesystem is completely mislabeled
(e.g. /etc and /usr/share are user_home_dir_t).


Version-Release number of selected component (if applicable):

policycoreutils-2.0.47-2.fc9.x86_64

Comment 1 Daniel Walsh 2008-06-16 11:08:44 UTC

Add 
disable-genhomedircon = true

to /etc/selinux/semanage.conf

Note You need to log in before you can comment on or make changes to this bug.