
Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login



There should be a file context equivalence mapping between /var/home and
/home.


matchpathcon /var/home/tob
/var/home/tob    unconfined_u:object_r:user_home_dir_t:s0

It should definitely not be default_t.

On 09/15/2015 10:39 AM, Tobias Florek wrote:
> Hi,
>
> after fixing the ostree-provided fs labels, there seem to be additional
> problems. E.g.:
>
>     # ls -Z /var/home/tob -d
>     unconfined_u:object_r:default_t:s0 /var/home/tob/
>
> which should most likely be unconfined_u:object_r:user_home_dir_t:s0.
>
> That's most likely the cause of many more ssh AVCs I get.
>
> Reading through the list of AVCs I get the feeling that most files are
> mislabeled. restorecon -n does not say anything is wrong, so I am led to
> believe that restorecon does not know its way on atomic hosts.  
>
>
> I will keep that machine to debug the selinux tools, if you think that's
> reasonable.
>
>
> Cheers,
>  Tobias Florek
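
A sketch of the equivalence mapping discussed in this thread, as an added example that is not part of the original messages: it rewrites a path under an alias prefix to its target before label lookup, then compares the on-disk type with the expected one. The `SUBS` contents and the function names are constructed for illustration; the two contexts are the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: models SELinux path equivalence and a label comparison.
# SUBS is constructed sample data in "<alias> <target>" form, the layout
# used by file_contexts.subs; it is not read from a real host.
SUBS='# alias      target
/var/home   /home
/run        /var/run'

# Print the path that labeling rules would be looked up under.
# An alias only matches on a whole path component boundary, so
# /var/homework is left alone while /var/home/tob is rewritten.
equiv_path() {
    local path=$1 from to rest
    while read -r from to _; do
        case $from in ''|'#'*) continue ;; esac
        if [ "$path" = "$from" ]; then
            printf '%s\n' "$to"; return 0
        fi
        case $path in
            "$from"/*)
                rest=${path#"$from"}
                printf '%s\n' "$to$rest"; return 0 ;;
        esac
    done <<EOF
$SUBS
EOF
    printf '%s\n' "$path"
}

# Extract the type field from a user:role:type:level context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds (exit 0) when the on-disk type differs from the expected type.
# Only the type is compared, so a differing SELinux user is not reported.
is_mislabeled() {
    [ "$(context_type "$1")" != "$(context_type "$2")" ]
}

# Values taken from the thread: the ls -Z output and the matchpathcon result.
path=/var/home/tob
actual='unconfined_u:object_r:default_t:s0'
expected='unconfined_u:object_r:user_home_dir_t:s0'
echo "$path is looked up as $(equiv_path "$path")"
if is_mislabeled "$actual" "$expected"; then
    echo "$path: type $(context_type "$actual"), expected $(context_type "$expected")"
fi
```

On a live host, `matchpathcon -V /var/home/tob` performs the same on-disk versus expected comparison against the installed policy.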

