[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
- From: Daniel J Walsh <dwalsh redhat com>
- To: Tobias Florek <atomic ibotty net>, atomic-devel projectatomic io
- Subject: Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
- Date: Tue, 15 Sep 2015 11:02:16 -0400
There should be a file context equivalence mapping between /var/home and
/home.
matchpathcon /var/home/tob
/var/home/tob unconfined_u:object_r:user_home_dir_t:s0
It should definitely not be default_t.
On 09/15/2015 10:39 AM, Tobias Florek wrote:
> Hi,
>
> after fixing the ostree-provided fs labels, there seem to be additional
> problems. E.g.:
>
> # ls -Z /var/home/tob -d
> unconfined_u:object_r:default_t:s0 /var/home/tob/
>
> which should most likely be unconfined_u:object_r:user_home_dir_t:s0.
>
> That's most likely the cause of many more ssh AVCs I get.
>
> Reading through the list of AVCs I get the feeling that most files are
> mislabeled. restorecon -n does not say anything is wrong, so I am led to
> believe that restorecon does not know its way on atomic hosts.
>
>
> I will keep that machine to debug the selinux tools, if you think that's
> reasonable.
>
>
> Cheers,
> Tobias Florek
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]