Red Hat Bugzilla – Bug 470398
restorecond not running by default; files in home dirs created with wrong types
Last modified: 2015-01-04 17:35:43 EST
Created attachment 322799
restorecon -R -v output on a home directory created while restorecond is off.
Description of problem:
Dominick Grift reported this issue. If restorecond is not running, files in home directories are created with wrong types.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
0. Make sure restorecond is stopped (it is off by default): service restorecond stop
1. Create a new user: useradd [newuser].
2. Log in as [newuser] via GDM.
3. Run "restorecon -R -v /home/[newuser]".
* no denials caused by bad labels (before running restorecon).
* see attached for restorecon output. Lots of changes - mostly unconfined_u to system_u, but some types are changed:
reset /home/testuser/.gstreamer-0.10 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:nsplugin_home_t:s0
reset /home/testuser/.gconf context unconfined_u:object_r:user_home_t:s0->system_u:object_r:gconf_home_t:s0
* files labeled correctly.
* denials due to bad labels.
When restorecond is running, creating a new user, logging in, and then running restorecon over their home directory does not result in any changes.
Should restorecond be running by default?
We have been asked to turn off all services by default.
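To triage `restorecon -R -v` output like the attachment described above, the following added example (not part of the original report or of any SELinux tool) separates relabels that change the type field from those that change only the user field. It assumes the `reset <path> context <old>-><new>` line format quoted in the report; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Line format quoted in the report: "reset <path> context <old>-><new>"
RESET_RE = re.compile(r"^reset (?P<path>.+) context (?P<old>\S+)->(?P<new>\S+)$")
FIELDS = ("user", "role", "type", "level")


def parse_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(FIELDS, parts + [""] * (4 - len(parts))))


def classify(lines):
    """Return (type_changes, summary) for restorecon -v output lines."""
    type_changes = []    # (path, old_type, new_type)
    summary = Counter()  # tuple of changed context fields -> count
    for line in lines:
        m = RESET_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a relabel record
        old, new = parse_context(m["old"]), parse_context(m["new"])
        changed = tuple(f for f in FIELDS if old[f] != new[f])
        summary[changed] += 1
        if "type" in changed:
            type_changes.append((m["path"], old["type"], new["type"]))
    return type_changes, summary


# Constructed sample: two lines quoted in the report plus two invented ones.
SAMPLE = """\
reset /home/testuser/.gstreamer-0.10 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:nsplugin_home_t:s0
reset /home/testuser/.gconf context unconfined_u:object_r:user_home_t:s0->system_u:object_r:gconf_home_t:s0
reset /home/testuser/My Documents context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_home_t:s0
restorecon: some unrelated message
""".splitlines()

if __name__ == "__main__":
    changes, summary = classify(SAMPLE)
    for path, old_t, new_t in changes:
        print(f"TYPE CHANGE {path}: {old_t} -> {new_t}")
    for fields, n in summary.items():
        print(f"{n} relabel(s) changed: {', '.join(fields)}")
```

The type changes are the entries to review first, since the type field is what type enforcement rules match on.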
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.
More information and reason for this action is here: