Bug 161221 - /usr/local is already defined in /etc/selinux/targeted/contexts/files/file_contexts
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Russell Coker
Reported: 2005-06-21 15:00 UTC by Ralf Corsepius
Modified: 2007-11-30 22:11 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-12-13 04:57:14 UTC



Description Ralf Corsepius 2005-06-21 15:00:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-1.3.1

Description of problem:
# apt-get install selinux-policy-targeted
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
   selinux-policy-targeted (1.23.18-12)
0 upgraded, 1 newly installed, 0 removed and 0 not upgraded.
Need to get 0B/742kB of archives.
After unpacking 5326kB of additional disk space will be used.
Checking GPG signatures...  ########################################### [100%]
Committing changes...
Preparing...                ########################################### [100%]
   1:selinux-policy-targeted########################################### [100%]
/usr/local is already defined in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.
Done.


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.18-12

How reproducible:
Always

Steps to Reproduce:
Install selinux-policy-targeted-1.23.18-12 on a fresh FC4 install.


Actual Results:  See above.

Expected Results:  No warning, no error, just function.

Additional info:

Comment 1 Daniel Walsh 2005-06-23 11:28:05 UTC
This happens because you have users in /usr/local.  genhomedircon has identified
/usr/local as a "HOME ROOT", but it finds it already defined so it does not
redefine its file context.  Not sure it is a great idea to have home dirs in
/usr/local.

Comment 2 Ralf Corsepius 2005-06-23 12:45:05 UTC
(In reply to comment #1)
> This happens because you have users in /usr/local. 
Well, I have the home of one local account set to /usr/local/share/<somewhere>.

> genhomedircon has identified 
> /usr/local as a "HOME ROOT", but it finds it already defined so it does not
> redefine its file context.
Right, removing this /usr/local/share/<somewhere> silences genhomedircon, but
note, it is /usr/local/share/<somewhere>, not to /usr/local.

> Not sure it is a great idea to have home dirs in /usr/local.
C.f. http://www.pathname.com/fhs/pub/fhs-2.3.html#USRLOCALLOCALHIERARCHY
I can't spot anything prohibiting setting the home of local applications to
somewhere below /usr/local.

Also, remember, according to traditional common practice, /usr/local is
completely out of a vendor's (*your*) responsibility, while the FHS seems to be
wanting to apply rules corresponding to /usr.

This would mean, in my case, the actual question wrt. the FHS is: 
Is setting the homedir to /usr/share/<somewhere> allowed or not, and how should
selinux deal with it?
I for one don't see why this should be prohibited.

Anyway, the warning being issued by genhomedircon does not match my particular
case and is little helpful.

Comment 3 Ralf Corsepius 2005-06-23 13:17:29 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > This happens because you have users in /usr/local. 
> Well, I have the home of one local account set to /usr/local/share/<somewhere>.
Correction, I have /usr/local/<somewhere>

Using /usr/local/share/<somewhere> produces:
/usr/local/share is already defined in
/etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.

Using /usr/share/<somewhere> produces:
/usr/share is already defined in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.


Comment 4 Daniel Walsh 2005-12-13 04:57:14 UTC
This means that it will not redefine the top directory to home_root_t, which it
usually does when it discovers a new home dir.  Everything will probably work
correctly.  In a strict policy machine this could cause a problem.
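
The check discussed in comments 1 to 4, sketched as an added example (not genhomedircon's own code and not part of the bug report): the parent directory of each account's home is treated as a home root and compared against paths already present in file_contexts. The sample passwd and file_contexts lines are constructed, and the `min_uid=500` cutoff and the stripping of a trailing `(/.*)?` are assumptions.

```python
import posixpath
import re

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
appsvc:x:501:501::/usr/local/myapp:/bin/bash
docs:x:502:502::/usr/share/docs-home:/bin/bash
"""
SAMPLE_FILE_CONTEXTS = """\
# path regex            context (constructed)
/usr(/.*)?              system_u:object_r:usr_t
/usr/local(/.*)?        system_u:object_r:usr_t
/usr/share(/.*)?        system_u:object_r:usr_t
"""

def defined_paths(file_contexts_text):
    """Path specs from file_contexts, with a trailing '(/.*)?' removed."""
    paths = set()
    for line in file_contexts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        paths.add(re.sub(r"\(/\.\*\)\?$", "", line.split()[0]))
    return paths

def home_roots(passwd_text, min_uid=500):
    """Map each home root (parent of a home directory) to its accounts."""
    roots = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry
        if int(fields[2]) < min_uid:
            continue  # assumed cutoff for system accounts
        root = posixpath.dirname(fields[5].rstrip("/"))
        if root:
            roots.setdefault(root, []).append(fields[0])
    return roots

def conflicting_roots(passwd_text, file_contexts_text, min_uid=500):
    """Home roots that already have an entry and so would not be relabelled."""
    defined = defined_paths(file_contexts_text)
    found = home_roots(passwd_text, min_uid)
    return {root: users for root, users in found.items() if root in defined}

if __name__ == "__main__":
    hits = conflicting_roots(SAMPLE_PASSWD, SAMPLE_FILE_CONTEXTS)
    for root, users in sorted(hits.items()):
        print(f"{root} already defined; home root of: {', '.join(users)}")
```

Accounts reported this way are the ones whose home root keeps its existing label instead of home_root_t, which comment 4 notes could matter on a strict policy machine.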

