Beware today's updates - selinux is changing home user contexts

[Mike Cloaked]

Joshua Armstrong-2 wrote:
> 
> Mike Cloaked wrote:
>> I have just updated some f10 boxes a few minutes ago. On logging on again
>> after rebooting to the new kernel this evening, the main user directories
>> have had their contexts changed to usr_t so I presume some kind of
>> relabelling has been done - but not correctly!  After restorecon -vR
>> /home/user the contexts have mostly reverted to where they should be - I
>> initially noticed because ssh suddenly started demanding a passphrase
>> when
>> it should not need one - and then I noted avc denials.....
>>
>> I hope not too many users are going to have their home directories messed
>> up
>> as a result! The relevant update is
>> selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm 
>>
>> This is not good - especially for a stable release!
>>   
> I second this - I just verified this on my f10 webserver. Thankfully, 
> all the important files are set to httpd_sys_content_t and in read-only 
> directories. But it did break being able to read home directories over 
> CIFS share.
> 
> 

I guess these lines in the /var/log/messages are relevant:
Mar  2 19:49:25 home1 yum: Updated: selinux-policy-3.5.13-46.fc10.noarch
Mar  2 19:49:49 home1 dbus: avc:  received policyload notice (seqno=2)
Mar  2 19:49:49 home1 dbus: avc:  received policyload notice (seqno=2)

I guess it will be in BZ before too long - and I notice that -47 is in
updates testing - hopefully this problem will be fixed before -48 is
released!
-- 
View this message in context: http://www.nabble.com/Beware-today%27s-updates---selinux-is-changing-home-user-contexts-tp22296110p22296831.html
Sent from the Fedora Test List mailing list archive at Nabble.com.