700244 – Some files on nfs mounted home dirs still get wrong labels

Bug 700244 - Some files on nfs mounted home dirs still get wrong labels

Summary: Some files on nfs mounted home dirs still get wrong labels

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	5.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-27 21:04 UTC by Orion Poplawski
Modified:	2011-04-28 18:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-04-28 18:46:46 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Orion Poplawski 2011-04-27 21:04:42 UTC

Description of problem:

I'm periodically running /sbin/restorecon -R -v /export/home on our EL 5.6 NFS home directory server.  I'm seeing messages like the following periodically:

/sbin/restorecon reset /export/home/kwan/.lyxpipe.in context system_u:object_r:user_home_dir_t:s0->user_u:object_r:user_home_t:s0
/sbin/restorecon reset /export/home/kwan/.lyxpipe.out context system_u:object_r:user_home_dir_t:s0->user_u:object_r:user_home_t:s0

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-300.el5

Comment 1 Orion Poplawski 2011-04-27 21:21:57 UTC

/sbin/restorecon reset /export/home/riggin/.#NSF_bio.tex context system_u:object_r:user_home_dir_t:s0->user_u:object_r:user_home_t:s0

Comment 2 Daniel Walsh 2011-04-28 11:54:34 UTC

Miroslav in RHEL6 we have

optional_policy(`
	userdom_user_home_dir_filetrans_user_home_content(kernel_t, { file dir })
')

Do we have this in RHEL5?

This would still be broken and until we get some of the file name transition stuff we are adding in F16, it would be the best we can do, if it works.

Comment 3 Orion Poplawski 2011-04-28 16:01:41 UTC

FWIW - Things are a *lot* better now with 5.6 than with 5.5, so it seems something changed there.

Comment 4 Miroslav Grepl 2011-04-28 16:27:39 UTC

Well, we are missing this in RHEL5.

Comment 5 Daniel Walsh 2011-04-28 18:46:46 UTC

Orion I am closing this as fixed (Well fixes as best we can.)  And you triggered me to make a whole series of changes to Fedora 16 to make this much better.

Note You need to log in before you can comment on or make changes to this bug.