Home Dir labels (manifested as a failed Flash install)
Kyrre Ness Sjobak
kyrre at solution-forge.net
Wed Apr 27 21:37:53 UTC 2005
ons, 27.04.2005 kl. 07.17 skrev Ivan Gyurdiev:
> > -rw-r--r-- smearp smearp user_u:object_r:user_home_t flashplayer.xpt
> > -rwxr-xr-x smearp smearp user_u:object_r:texrel_shlib_t
>
> This is correct, but it's not done automatically, because /home is
> entirely skipped when changing the contexts after a policy upgrade.
>
> Personally, I think this is a major problem, but Daniel Walsh points out
> that (1) automatic restorecon on /home presents a security risk of
> mislabeled files ( like gpg keys and such in the wrong place), and (2)
> automatic restorecon on /home might take a very long time.
>
> I think if we are to introduce more fine-grained labeling of "$HOME" in
> the future (which we should), this problem needs to be solved somehow.
What happens if /home is on NFS?
More information about the fedora-test-list
mailing list