F12 beta, ldap authentication and NFS mounted home

Daniel J Walsh dwalsh at redhat.com
Sat Oct 24 11:58:47 UTC 2009


On 10/23/2009 07:08 PM, Tim Fenn wrote:
> On Thu, 22 Oct 2009 08:28:04 -0400
> Daniel J Walsh <dwalsh at redhat.com> wrote:
> 
>> On 10/22/2009 02:16 AM, Jeroen van Meeuwen wrote:
>>> On 10/22/2009 02:04 AM, Tim Fenn wrote:
>>>> I upgraded a machine from F10 to F12 beta - it's a client machine
>>>> that mounts /home over NFS and authenticates over LDAP (however,
>>>> it's a mac server that sets /home as /Volumes/Homes, which I have
>>>> set up as a pointer to /home). use_nfs_home_dirs is on and I can
>>>> log in via SSH or the console, but the graphical login fails when
>>>> clicking "log in" with the following selinux error:
>>>>
>>>> SELinux is preventing /usr/libexec/ck-get-x11-server-pid "read"
>>>> access on Homes.
>>>>
>>>> I've attached the full sealert, am I missing something
>>>> obvious/simple?
>>>>
>>>
>>> FWIW, I had something similar with gdm-greeter, I think. I also had
>>> a different problem[1] with gdm so I didn't give it much attention
>>> at the time.
>>>
>> I need to see the AVC in /var/log/audit/audit.log to make sure I know
>> the reason.
>>
> 
> OK, I spent a bit more time on this today (sorry for the late response,
> been busy with all these new operating systems this week!).  Upon
> login, I get the audit_1.log (see attached), and upon firing up startx,
> I get audit_2.log - it seems the link to /home is what's causing the
> problem, audit2allow suggests
> 
> allow local_login_t default_t:lnk_file read;
> allow consolekit_t default_t:lnk_file read;
> 
> but I'm not sure that's the "proper" solution - would it be better to
> set /Volumes/Homes as the NFS mount and /home as a pointer to it?
> 
> -Tim
> 
Looks like a labeling problem.

The problem looks like you have users' home directories in a separate location.  And it is not labeled correctly.

The symbolic link is labeled with the default label, and the login programs are not able to read this link.

You probably need to label it something like user_home_dir_t.

Homes is the link.

Is /volume/homes a symbolic link to /home?

Are the users' home dirs local or on another machine mounted via nfs?
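
[Added example, not part of the original message or of any SELinux tool:] a small triage script for the kind of denial discussed in this thread. It parses AVC records and flags those whose target carries a fallback label such as default_t, which points to relabeling the object rather than adding the allow rules audit2allow prints. The sample records are constructed (the thread's audit_1.log and audit_2.log attachments are not on this page), and the function and field names are hypothetical.

```python
import re

# Constructed sample records modelled on the denials described in the thread
# (timestamps, pids, inode numbers and the third record are made up).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1256300000.101:41): avc:  denied  { read } for  pid=2101 comm="login" name="Homes" dev=dm-0 ino=1311 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
type=AVC msg=audit(1256300050.202:57): avc:  denied  { read } for  pid=2240 comm="ck-get-x11-serv" name="Homes" dev=dm-0 ino=1311 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
type=AVC msg=audit(1256300099.303:63): avc:  denied  { write } for  pid=2300 comm="httpd" name="upload" dev=dm-0 ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
NAME_RE = re.compile(r'\bname="?(?P<name>[^"\s]+)"?')

# Types that usually mean the object has a missing or fallback label,
# i.e. no file-context rule matched its path.
FALLBACK_TYPES = {"default_t", "unlabeled_t", "file_t"}

def context_type(context):
    """Return the type field (third component) of user:role:type[:level]."""
    return context.split(":")[2]

def triage(log_text):
    """Parse AVC denials and flag those whose target has a fallback label."""
    findings = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        name = NAME_RE.search(line)
        ttype = context_type(m["tcontext"])
        findings.append({
            "source": context_type(m["scontext"]),
            "target": ttype,
            "tclass": m["tclass"],
            "perms": m["perms"].split(),
            "name": name["name"] if name else None,
            "verdict": "relabel target" if ttype in FALLBACK_TYPES else "review policy",
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_AUDIT_LOG):
        print(f["verdict"], f["source"], "->", f["target"], f["tclass"], f["name"])
```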






More information about the fedora-selinux-list mailing list