Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 452903 - HOME_DIR not resolving for oddly-placed user homedirs
Summary: HOME_DIR not resolving for oddly-placed user homedirs
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2008-06-25 18:43 UTC by Matt Domsch
Modified: 2008-06-30 20:29 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-06-30 20:29:44 UTC

Attachments (Terms of Use)

Description Matt Domsch 2008-06-25 18:43:02 UTC
Description of problem:
I had a system with a user's local home directory in a non-standard location
(e.g. /mdomsch2 instead of /home/mdomsch) due to /home being sometimes
automounted from a network share.

selinux-policy-targeted labeled the /mdomsch2/.ssh/ directory and files  such
that the policy would not allow them to be read by sshd.  fixfiles/restorecon
didn't help.

I moved the /mdomsch2/ directory to /home/mdomsch/ and ran restorecon against
it.  This then "correctly" labeled the files so sshd could read them.

So, HOME_DIR must be a system-global definition somewhere, pointing at /home? 
If so, where, and why isn't it per-user?

note, this failed only after upgrading the system from F7 to F9.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Daniel Walsh 2008-06-30 20:29:33 UTC
If you create the home directory in /home1/mdomsh2

You can execute genhomedircon

Then restorecon -R -v /home1

And that should work.

SELinux can not handle the homedir in the / directory.

Note You need to log in before you can comment on or make changes to this bug.