Beware today's updates - selinux is changing home user contexts

Jerry Amundson jamundso at gmail.com
Mon Mar 2 21:57:49 UTC 2009


On Mon, Mar 2, 2009 at 3:25 PM, Mike Cloaked <mike.cloaked at gmail.com> wrote:
> Joshua Armstrong-2 wrote:
>> Mike Cloaked wrote:
>>> I have just updated some f10 boxes a few minutes ago. On logging on again
>>> after rebooting to the new kernel this evening, the main user directories
>>> have had their contexts changed to usr_t so I presume some kind of
>>> relabelling has been done - but not correctly!  After restorecon -vR
>>> /home/user the contexts have mostly reverted to where they should be - I
>>> initially noticed because ssh suddenly started demanding a passphrase when
>>> it should not need one - and then I noted avc denials.....
>>>
>>> I hope not too many users are going to have their home directories messed up
>>> as a result! The relevant update is
>>> selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm
>>>
>>> This is not good - especially for a stable release!
>>>
>> I second this - I just verified this on my f10 webserver. Thankfully,
>> all the important files are set to httpd_sys_content_t and in read-only
>> directories. But it did break being able to read home directories over
>> CIFS share.
>>
>>
>
> I guess these lines in the /var/log/messages are relevant:
> Mar  2 19:49:25 home1 yum: Updated: selinux-policy-3.5.13-46.fc10.noarch
> Mar  2 19:49:49 home1 dbus: avc:  received policyload notice (seqno=2)
> Mar  2 19:49:49 home1 dbus: avc:  received policyload notice (seqno=2)
>
> I guess it will be in BZ before too long - and I notice that -47 is in
> updates testing - hopefully this problem will be fixed before -48 is
> released!

Works for me. My f10 updates-testing laptop installed
selinux-policy-targeted-3.5.13-46.fc10.noarch last Thursday, Feb 26. I
see one "dbus: avc:  received policyload notice (seqno=2)" from then,
but user_home_dir_t is still set as expected.

jerry
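
The label check discussed in this thread can be scripted to run after a policy update. The following is an added example, not part of the original messages: it flags home directories whose SELinux type is not `user_home_dir_t` (the type named in the thread as the expected one). The function names, the `/home/*/` layout and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list home directories whose SELinux
# type differs from the expected one, e.g. after a selinux-policy update.

EXPECTED_TYPE="user_home_dir_t"   # expected type, as named in the thread

# Read "CONTEXT PATH" lines on stdin (the format of `stat -c '%C %n'`) and
# print "PATH TYPE" for every entry whose type field is not EXPECTED_TYPE.
mislabeled_homes() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        # A context is user:role:type[:level]; the level may contain ':' too,
        # so take field 3 only. -s yields nothing when there is no ':' at all.
        setype=$(printf '%s\n' "$ctx" | cut -s -d: -f3)
        if [ "$setype" != "$EXPECTED_TYPE" ]; then
            printf '%s %s\n' "$path" "${setype:-unlabeled}"
        fi
    done
}

# Constructed sample input (hypothetical users), in `stat -c '%C %n'` format.
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:user_home_dir_t:s0 /home/alice
system_u:object_r:usr_t:s0 /home/bob
unconfined_u:object_r:user_home_dir_t:s0:c0.c1023 /home/carol
? /home/dave
EOF
}

# Live check. Assumes user homes are the directories directly under /home;
# other directories found there are listed as well.
audit_homes() {
    stat -c '%C %n' /home/*/ 2>/dev/null | mislabeled_homes
}

case "${1:-}" in
    --sample) sample_listing | mislabeled_homes ;;
    --live)   audit_homes ;;
esac
```

For any directory it reports, `restorecon -nvR` on that path shows what a relabel would change without changing anything; dropping `-n` gives the `restorecon -vR` run quoted above.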




More information about the fedora-test-list mailing list