Bug 758207 - selinux blocks access to separate home partition after installation
Summary: selinux blocks access to separate home partition after installation
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-11-29 14:45 UTC by Filip Skola
Modified: 2016-05-05 04:40 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-12-13 20:11:41 UTC
Type: ---
Embargoed:


Attachments
audit.log from first denial to the end (151.48 KB, text/plain)
2011-12-09 16:36 UTC, Filip Skola

Description Filip Skola 2011-11-29 14:45:02 UTC
I installed a clean F16 system on a disk with a standalone home. I used manual partitioning since I didn't want to lose my data. After installation I changed ownership of /home/user properly.

The issue is that SELinux doesn't recognize the /home partition as a home partition and prevents the system from using it properly. E.g. when I was trying to log in to KDE, it printed out an error saying that logging failed when using home=/.

I suppose that this is caused by a misconfigured selinux-policy, which is not precisely a bug, but I'd expect some option to relabel existing files when installing Fedora. I've tried to run restorecon manually, but it didn't help at all.

I'd also like to add that this also applies to newly created users, with the home dir copied from skel. After umounting /home and creating a new user, login was possible. It is also interesting that an F14 system was present on the computer before F16. But I didn't do an upgrade, I did a reinstall.


Version-Release number of selected component (if applicable): Fedora 16 installed from multiboot live DVD (KDE was running; x86_64)


How reproducible: I think always under the described circumstances, but I didn't test it


Steps to Reproduce: above
  

Actual results: Users can't log in after install


Expected results: logging into the newly installed system


Additional info: above

Comment 1 Miroslav Grepl 2011-11-29 15:07:51 UTC
I would like to see some AVC msgs related to this issue from permissive mode.

Comment 2 Filip Skola 2011-12-09 16:36:30 UTC
Created attachment 544624
audit.log from first denial to the end

Comment 3 Daniel Walsh 2011-12-13 20:11:41 UTC
setsebool -P use_nfs_home_dirs 1

You seem to have /home mounted on NFS?

Comment 4 Filip Skola 2012-01-30 12:13:20 UTC
(In reply to comment #3)
> setsebool -P use_nfs_home_dirs 1
> 
> You seem to have /home mounted on NFS?

No, /home is local partition on that system.

Comment 5 Daniel Walsh 2012-01-30 21:13:28 UTC
Your AVCs show xdm_t (kdm) trying to write to a directory, bragoslav, which is labeled nfs_t?
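
The reading made in comment 5 (source domain, target label, object name) can be pulled out of an audit.log mechanically. The Python below is an added example, not part of the original bug thread: the log lines are constructed (only xdm_t, nfs_t and the directory name bragoslav come from the comments) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel's AVC format. pids, devices, inodes
# and ".Xauthority" are made up; xdm_t, nfs_t and "bragoslav" are from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1323448590.101:45): avc:  denied  { write } for  pid=1201 comm="kdm" name="bragoslav" dev=sda3 ino=2 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1323448590.102:46): avc:  denied  { add_name } for  pid=1201 comm="kdm" name=".Xauthority" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1323448590.102:46): arch=c000003e syscall=2 success=yes exit=5
type=AVC msg=audit(1323448591.310:47): avc:  denied  { write } for  pid=1201 comm="kdm" name="bragoslav" dev=sda3 ino=2 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # user:role:type:level -> the type is the third colon-separated field
    return context.split(":")[2]

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {"perms": set(m.group("perms").split()), "name": fields.get("name"),
            "source": selinux_type(fields["scontext"]),
            "target": selinux_type(fields["tcontext"]), "tclass": fields["tclass"]}

def summarize(log_text):
    """Group denials by (source type, target type, class, object name)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc:
            key = (avc["source"], avc["target"], avc["tclass"], avc["name"])
            groups[key] |= avc["perms"]
    return dict(groups)

def targets_labeled(log_text, target_type):
    """Object names whose target context carries the given type, e.g. nfs_t."""
    return sorted({k[3] for k in summarize(log_text) if k[1] == target_type and k[3]})

if __name__ == "__main__":
    for (src, tgt, cls, name), perms in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(perms)} name={name}")
```

On a live system the same records are read from /var/log/audit/audit.log or from the output of ausearch -m avc.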

Comment 6 Andrea 2014-04-09 08:42:16 UTC
This bug is still present when installing Fedora 20 (64 bit, xfce spin). After installation it is not possible to log in correctly using the old home partition from a previous install (with the partition on the same hard drive as /).
A simple workaround is to execute
$ restorecon -R /home
after installation, but anaconda should do it automatically since a separate home partition is a common setup, also suggested in the Fedora documentation.

Comment 7 Daniel Walsh 2014-04-14 16:45:20 UTC
Andrea, this bug relates to NFS?  If you have a new bug, please open a new bugzilla.

Comment 8 Andrea 2014-04-15 08:43:45 UTC
Sorry, I missed the focus on NFS. I filed a new bug 1087736.

