selinux-policy-targeted
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 13 22:27:11 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nathanael D. Noblet wrote:
> Daniel J Walsh wrote:
>
>> One you have a service account in /etc/passwd or NIS which has a homedir
>> in /opt. SELinux has mistakenly seen this as a login account, because
>> the account has a UID > 500 and a valid shell. If you change the shell
>> to /sbin/nologin or /bin/false and run genhomedircon, the duplicate file
>> context will go away.
>
> That was totally correct. I have some non-fedora packaged software
> installed there (created by a self made RPM). Changing the shell got rid
> of the issue. I wonder if they still work though ;).
>
Yes it should work, you should never setup a service account with a
login shell.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfZqjsACgkQrlYvE4MpobO0HQCfeuRxC5pSofTysqQYy6Vm9LGU
dAkAoLinQZl+q7JHekKOoT7UohtRtjGL
=UTCD
-----END PGP SIGNATURE-----
More information about the fedora-devel-list
mailing list