[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Home Dir labels (manifested as a failed Flash install)



> -rw-r--r--  smearp   smearp   user_u:object_r:user_home_t      flashplayer.xpt
> -rwxr-xr-x  smearp   smearp   user_u:object_r:texrel_shlib_t    

This is correct, but it's not done automatically, because /home is
entirely skipped when changing the contexts after a policy upgrade.

Personally, I think this is a major problem, but Daniel Walsh points out
that (1) automatic restorecon on /home presents a security risk of
mislabeled files ( like gpg keys and such in the wrong place), and (2)
automatic restorecon on /home might take a very long time. 

I think if we are to introduce more fine-grained labeling of "$HOME" in
the future (which we should), this problem needs to be solved somehow.

-- 
Ivan Gyurdiev <ivg2 cornell edu>
Cornell University


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]