selinux adventures/troubles

Michal Jaegermann michal at harddata.com
Sat Dec 27 23:26:13 UTC 2008


On Sat, Dec 27, 2008 at 07:43:40PM +0100, Jan Pazdziora wrote:
> On Sat, Dec 27, 2008 at 10:23:13AM -0700, Michal Jaegermann wrote:
> > 
> > > Why /root on the other machine is labeled user_home_t is a
> > > bug.  Not sure why this is happening.  Do you have an entry in your
> > > /etc/passwd with a UID > 500 with /root as a home dir?
> > 
> > Of course not.  The only entries in /etc/passwd with /root for
> > a home directory look as follows:
> > 
> > root:x:0:0:root:/root:/bin/bash
> > operator:x:11:0:operator:/root:/sbin/nologin
> 
> Could you show us the result of
> 
> 	ls -Z /root

Where I am getting into trouble, this shows

-rw-------  root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Desktop
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Documents
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Download
-rw-r--r--  root root system_u:object_r:admin_home_t:s0 install.log
-rw-r--r--  root root system_u:object_r:admin_home_t:s0 install.log.syslog
drwx------  root root system_u:object_r:admin_home_t:s0 Mail
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Music
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Pictures
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Public
-rw-r--r--  root root system_u:object_r:admin_home_t:s0 scsrun.log
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Templates
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 tools
-rw-r--r--  root root system_u:object_r:admin_home_t:s0 upgrade.log
-rw-r--r--  root root system_u:object_r:admin_home_t:s0 upgrade.log.syslog
drwxr-xr-x  root root system_u:object_r:admin_home_t:s0 Videos

and /root itself ended up with the same system_u:object_r:admin_home_t:s0
label.

That other machine, a server which behaves after an upgrade, shows

-rw-------  root root system_u:object_r:user_home_t    anaconda-ks.cfg
-rw-r--r--  root root system_u:object_r:user_home_t    install.log
-rw-r--r--  root root system_u:object_r:user_home_t    install.log.syslog
drwx------  root root system_u:object_r:user_home_t    Mail
lrwxrwxrwx  root root system_u:object_r:user_home_t    mail -> Mail
lrwxrwxrwx  root root system_u:object_r:user_home_t    Maildir -> Mail
-rw-r--r--  root root system_u:object_r:user_home_t    upgrade.log
-rw-r--r--  root root system_u:object_r:user_home_t    upgrade.log.syslog

and system_u:object_r:user_home_dir_t on /root.

As I already mentioned, in both cases 'restorecon -R /root' does not
change anything.

In a sense I am really more interested in why, after an upgrade, I am
consistently getting "Unable to get valid context for root" for
the first of these two machines.

   Michal