Beware today's updates - selinux is changing home user contexts
Joshua Armstrong
jarmstrong at excelsiorlodge.org
Mon Mar 2 21:02:50 UTC 2009
Mike Cloaked wrote:
> I have just updated some f10 boxes a few minutes ago. On logging on again
> after rebooting to the new kernel this evening, the main user directories
> have had their contexts changed to usr_t so I presume some kind of
> relabelling has been done - but not correctly! After restorecon -vR
> /home/user the contexts have mostly reverted to where they should be - I
> initially noticed because ssh suddenly started demanding a passphrase when
> it should not need one - and then I noted avc denials.....
>
> I hope not too many users are going to have their home directories messed up
> as a result! The relevant update is
> selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm
>
> This is not good - especially for a stable release!
>
I second this - I just verified this on my f10 webserver. Thankfully,
all the important files are set to httpd_sys_content_t and in read-only
directories. But it did break being able to read home directories over
CIFS share.
--
Joshua M. Armstrong
jarmstrong at wi.rr.com
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d-- s+:+ a-- C++$ UL++++>$
US+++>+ P+ L+++E- W+++ N+ w--$
PS+ PE- Y+ PGP+ R+ tv b+ DI D-- G
e h! r--- !y UF++(+)
------END GEEK CODE BLOCK------
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the fedora-test-list
mailing list