[redhat-lspp] LSPP kickstart config v0.19 released

Linda Knippers linda.knippers at hp.com
Fri Feb 9 21:37:42 UTC 2007


Hi Klaus,

>     Simplify admin account creation, work around autorelabel $HOME issues

I don't think this works.  I think the useradd command isn't doing what
we expect.  With a command like this (taken right out of the ks script):
	useradd -m -c "ljk2" -G wheel -Z staff_u ljk2
I end up with an ljk2 user that is staff_u:s0 (note s0) in
/etc/selinux/mls/seusers.

The home directory is labeled:
user_u:object_r:user_home_dir_t:SystemLow-SystemHigh

If I do a restorecon -v I get this:
restorecon reset /home/ljk2 context
user_u:object_r:user_home_dir_t:s0-s15:c0.c1023->staff_u:object_r:staff_home_dir_t:s0-s15:c0.c1023

There's a comment in the ks script:
                # no need to set MLS level,
                # staff_u defaults to SystemLow-SystemHigh range
But that doesn't seem to be the case.

If staff_u is supposed to default to SystemLow-SystemHigh then useradd isn't
doing the right thing when it creates the selinux user and it doesn't seem to
be creating the home directory with the right context.

Should I open a new bugzilla or does Dan think we need the semanage and
restorecon no matter what?

-- ljk




More information about the redhat-lspp mailing list