Bug 470398 - restorecond not running by default; files in home dirs created with wrong types
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 10
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-11-06 18:38 EST by Murray McAllister
Modified: 2015-01-04 17:35 EST
Doc Type: Bug Fix
Last Closed: 2009-01-08 14:11:47 EST
Description Murray McAllister 2008-11-06 18:38:11 EST
Created attachment 322799 [details]
restorecon -R -v output on a home directory created while restorecond is off.

Description of problem:
Dominick Grift reported this issue. If restorecond is not running, files in home directories are created with wrong types.


Version-Release number of selected component (if applicable):
policycoreutils-2.0.57-11.fc10.i386
selinux-policy-3.5.13-17.fc10.noarch
selinux-policy-targeted-3.5.13-17.fc10.noarch
libselinux-utils-2.0.73-1.fc10.i386
libselinux-python-2.0.73-1.fc10.i386
libselinux-2.0.73-1.fc10.i386


How reproducible:
Always.


Steps to Reproduce:
0. Make sure restorecond is stopped (it is off by default): service restorecond stop
1. Create a new user: useradd [newuser].
2. Log in as [newuser] via GDM.
3. Run "restorecon -R -v /home/[newuser]".

Actual results:
* no denials caused by bad labels (before running restorecon).
* see attached for restorecon output. Lots of changes - mostly unconfined_u to system_u, but some types are changed:

reset /home/testuser/.gstreamer-0.10 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:nsplugin_home_t:s0

reset /home/testuser/.gconf context unconfined_u:object_r:user_home_t:s0->system_u:object_r:gconf_home_t:s0


Expected results:
* files labeled correctly.
* denials due to bad labels.

Additional info:
When restorecond is running, creating a new user, logging in, and then running restorecon over their home directory does not result in any changes.

Should restorecond be running by default?
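
The report above sorts the `restorecon -R -v` output by eye into relabels that only change the SELinux user and relabels that change the type, which is the field type-enforcement rules key on. The following is an added example, not part of the original report or of policycoreutils, that does the same triage on the `reset <path> context <old>-><new>` line format quoted above; the function names, the tolerated `restorecon` line prefix, and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Format quoted in the report: "reset <path> context <old>-><new>".
# Contexts contain no whitespace, so a greedy path match tolerates spaces in paths.
# A leading program name ("restorecon ") is tolerated as an assumption.
RESET_RE = re.compile(
    r"^(?:restorecon\s+)?reset\s+(?P<path>.+)\s+context\s+(?P<old>\S+)->(?P<new>\S+)$"
)
FIELDS = ("user", "role", "type", "level")


class Relabel(NamedTuple):
    path: str
    old: dict
    new: dict
    changed: tuple  # names of the context fields that differ


def parse_context(ctx: str) -> dict:
    # The level may itself contain ':' (e.g. s0:c0.c1023), so split at most 3 times.
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(FIELDS, parts + [""] * (4 - len(parts))))


def parse_line(line: str) -> Optional[Relabel]:
    m = RESET_RE.match(line.strip())
    if m is None:
        return None  # blank line or unrelated output
    old, new = parse_context(m["old"]), parse_context(m["new"])
    changed = tuple(f for f in FIELDS if old[f] != new[f])
    return Relabel(m["path"], old, new, changed)


def triage(text: str):
    """Split relabels into those that change the type and those that do not."""
    relabels = [r for r in map(parse_line, text.splitlines()) if r]
    type_changes = [r for r in relabels if "type" in r.changed]
    other = [r for r in relabels if "type" not in r.changed]
    transitions = Counter((r.old["type"], r.new["type"]) for r in type_changes)
    return type_changes, other, transitions


# First two lines are quoted from the report; the third is constructed.
SAMPLE = """\
reset /home/testuser/.gstreamer-0.10 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:nsplugin_home_t:s0
reset /home/testuser/.gconf context unconfined_u:object_r:user_home_t:s0->system_u:object_r:gconf_home_t:s0
reset /home/testuser/Documents context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_home_t:s0
"""
```

`triage(SAMPLE)` returns the two type-changing relabels from the report, the one constructed user-only relabel, and a count of each old-type to new-type transition.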
Comment 1 Daniel Walsh 2008-11-07 10:02:43 EST
We have been asked to turn off all services by default.
Comment 2 Bug Zapper 2008-11-25 23:56:10 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
