Description of problem:

The sshd_t domain does not have the necessary permissions to enter fuse mounted home directories, so when you ssh into the box employing fuse mounted home directories, it drops you out in the root directory.

How reproducible:

always

Steps to Reproduce:

1. setup your system to have fuse mounted home directories via pam_mount
2. set the use_fusefs_home_dirs boolean
3. ssh into your machine

Actual results:

[user1@host1 ~]$ ssh user2@host2
user2@host2's password: 
Last login: Sun Jan 23 11:23:48 2011 from host1
Could not chdir to home directory /home/user2: Permission denied
[user2@host2 /]$

and the audit log shows

type=AVC msg=audit(1295800328.644:35019): avc:  denied  { search } for  pid=10167 comm="sshd" name="/" dev=fuse ino=1 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir

Note that the home directory is mounted fine and you can cd into it from the "[user2@host2 /]$" prompt.  It's just that sshd cannot enter it.

Expected results:

[user1@$host1: ~] ssh $user2@$host2
$user2@$host2's password: 
Last login: Sun Jan 23 11:23:48 2011 from $host1
[$user2@$host2 ~]$

Additional info:

To fix this issue, I added the following lines

tunable_policy(`use_fusefs_home_dirs',`
        fs_search_fusefs(sshd_t)
')

to the ssh.te file.  I also wonder if the companion use_nfs_home_dirs and use_samba_home_dirs lines might be overzealous with mange_{nfs,cifs}_dirs and manage_{nfs,cifs}_files.  Could just fs_search_{nfs,cifs} do instead?

Cheers!  -Tyson