libreport version: 2.0.7
executable: /usr/bin/python
hashmarkername: setroubleshoot
kernel: 3.1.2-1.fc16.x86_64
reason: SELinux is preventing /usr/sbin/sshd from 'search' accesses on the directory /home/dev.
time: Mon 05 Dec 2011 03:40:43 PM CET
description: Text file, 2606 bytes
Created attachment 540946
File: description
Apparently a regression since -61. (Don't get confused - the username is 'dev')
Any idea how it could get this mislabeling?
# restorecon -R -v /home/dev
Oh, right, sandbox_file_t - I hadn't noticed that. I have been playing with sandbox, so it is probably my own fault that it ended up that way. I had verified that restorecon didn't report any problems - and as far as I can see I haven't messed it up so badly that I have redefined what the right context is. Is it intentional that the policy accepts sandbox_file_t for /home/*? Your question indicates that you wouldn't expect that. I can see how something like this could make sense for sandboxing arbitrary users, but I would expect a label for a sandboxed home to be something like sandbox_home_t. If that is 'works as designed' then I am happy - except that I am sorry to have filed a bogus bug report ;-)
sandbox_file_t is a customizable type, meaning restorecon will not modify it unless forced. This allows you to set up permanent homedirs/tmpdirs that sandboxes in random locations and restorecon will ignore them.
Oops, I missed the "-F" switch.
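The customizable-type rule described in the comments above, as an added shell model (not code from this report or from policycoreutils). It explains why `restorecon -R -v /home/dev` stayed silent while `-F` would relabel. The sample type list and the default label `user_home_dir_t` for /home/dev are assumptions made for the illustration.

```shell
#!/bin/sh
# Model of restorecon's decision for one path. On a real system the list of
# customizable types is in /etc/selinux/<policytype>/contexts/customizable_types;
# the list below is a constructed sample.
SAMPLE_LIST=$(mktemp)
trap 'rm -f "$SAMPLE_LIST"' EXIT
cat > "$SAMPLE_LIST" <<'EOF'
sandbox_file_t
svirt_image_t
EOF

# Extract the type (third field) from a context user:role:type[:range].
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds if TYPE ($1) appears as a whole line in LISTFILE ($2).
is_customizable() {
    grep -qxF -- "$1" "$2"
}

# restorecon_decision CURRENT_CTX DEFAULT_CTX FORCE(0|1) LISTFILE
# Prints ok, relabel or skip-customizable. Only the type field is compared;
# the user/role/range handling of -F is outside this model.
restorecon_decision() {
    cur=$(ctx_type "$1")
    def=$(ctx_type "$2")
    if [ "$cur" = "$def" ]; then
        echo ok
    elif [ "$3" -eq 0 ] && is_customizable "$cur" "$4"; then
        echo skip-customizable   # left alone, nothing reported
    else
        echo relabel
    fi
}

# Constructed contexts: the label seen in the report and an assumed default.
CUR='unconfined_u:object_r:sandbox_file_t:s0'
DEF='unconfined_u:object_r:user_home_dir_t:s0'

echo "restorecon -R -v : $(restorecon_decision "$CUR" "$DEF" 0 "$SAMPLE_LIST")"
echo "restorecon -F -R : $(restorecon_decision "$CUR" "$DEF" 1 "$SAMPLE_LIST")"
```

On a live system, `ls -Zd /home/dev` shows the current label and `matchpathcon /home/dev` shows the policy default to compare against.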