Home Dir labels (manifested as a failed Flash install)
Ivan Gyurdiev
ivg2 at cornell.edu
Wed Apr 27 05:17:16 UTC 2005
> -rw-r--r-- smearp smearp user_u:object_r:user_home_t flashplayer.xpt
> -rwxr-xr-x smearp smearp user_u:object_r:texrel_shlib_t
This is correct, but it's not done automatically, because /home is
entirely skipped when changing the contexts after a policy upgrade.
Personally, I think this is a major problem, but Daniel Walsh points out
that (1) automatic restorecon on /home presents a security risk of
mislabeled files ( like gpg keys and such in the wrong place), and (2)
automatic restorecon on /home might take a very long time.
I think if we are to introduce more fine-grained labeling of "$HOME" in
the future (which we should), this problem needs to be solved somehow.
--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
More information about the fedora-test-list
mailing list