[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: What is special about /home?

From: Stephen Smalley <sds tycho nsa gov>
To: Forrest Taylor <ftaylor redhat com>
Cc: Daniel J Walsh <dwalsh redhat com>, Fedora SELinux List <fedora-selinux-list redhat com>
Subject: Re: What is special about /home?
Date: Fri, 27 Apr 2007 11:17:24 -0400

On Fri, 2007-04-27 at 08:39 -0600, Forrest Taylor wrote:
> On Thu, 2007-04-26 at 16:30 -0600, Forrest Taylor wrote:
> > I have a .fc file that contains:
> > /home/dir(/.*)? system_u:object_r:tmp_t:s0
> > 
> > When I create the directory, it gets user_home_dir_t and files in the
> > directory get user_home_t.  After I load the module, restorecon will not
> > change the permissions on the directory or files.  So, what is special
> > about those types?  I thought at first that they may be customizable
> > types, but they aren't listed in the file.  semanage fcontext doesn't
> > show them either.  Any clues?
> 
> I forgot to mention that I am using RHEL 5.0.0.

There is an ordering/precedence among the different kinds of file
contexts configurations, with the base file_contexts generated from the
module .fc files at the lowest priority, the file_context.homedirs file
generated by genhomedircon as the next priority, and the
file_contexts.local file as the highest priority.

So a module .fc file can be overridden by the genhomedircon-generated
entries or by the local file contexts added via semanage fcontext -a.
Sounds like you should be using semanage fcontext -a for this instead of
a module.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: What is special about /home?
  - From: Forrest Taylor

References:
- What is special about /home?
  - From: Forrest Taylor
- Re: What is special about /home?
  - From: Forrest Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]