Description of problem: My /home directory is nfs mounted (V3) from a linux server. Everything worked fine on F14 but after a fresh F15 beta install, I got an error message when logging in that it cannot change to my home directory (permission denied) and I was put in / directory. Curiously enough just by entering cd and return, I was in my home directory and I could access all the files normally. After disabling selinux, this problem went away, so there is some issue with nfs mounted home & selinux. Version-Release number of selected component (if applicable): Conflict between nfs & selinux. How reproducible: Enable selinux and have your /home directory come from an nfs server (V3).
What avc's were you seeing and did you have the use_nfs_home_dirs boolean turned on? setsebool -P use_nfs_home_dirs 1
No, I did not. I would suggest turning it on by default. When things don't work, people will just stop using selinux (well, those who can figure out that this is the problem...)
The problem is this allows a great deal of confined domains to start reading/writing any nfs mounted share. So it is much less secure then for the people who use NFS but not for home dirs. Were you running setroubleshoot? It should have put a message in /var/log/messages that told you what was going on.
Yes, there is a message in /var/log/messages: Apr 21 09:31:44 jme setroubleshoot: SELinux is preventing /bin/login from searc\ h access on the directory . For complete SELinux messages. run sealert -l a3be5\ 8b6-21f9-4164-9135-2c99bffc4d83 It is not at all obvious what it is trying to say. Could one try to probe for the NFS /home situation somehow and setting the use_nfs_home_dirs based on that? Ultimately it would be great to be able to set up NFS shares during install and then the installer could make the appropriate settings for this automatically. Anyhow, this sort of thing is a deal breaker at least for me (-> selinux disabled permanently).
I am asking what this message says. sealert -l a3be58b6-21f9-4164-9135-2c99bffc4d83