From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 14 Oct 2008 16:12:18 -0400
Subject: [refpolicy] services_oddjob.patch
Message-ID: <48F4FD22.5060103@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_oddjob.patch

Fix labeling on /usr/lib(64)?/oddjob/mkhomedir

Oddjob will change the user on behalf of the caller, so the caller needs
the +       domain_user_exemption_target($1)


Add interface to run mkhomedir

Oddjob sets user and role

Needs to be run with all mcs range

mkhomedir needs  chown fowner fsetid dac_override  to create homedir
contents

Calls setfscreate to make sure things are labeled correctly

Reads kernel state and calls getpw so needs auth_use_nsswitch

Sends syslog messages

Validates file context
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkj0/SIACgkQrlYvE4MpobPU1gCfY5/ihfa9K64Uk6xtBIwFTc0y
VQUAnRTrj4RGxwivjSEVrYuVpElEh9dh
=ztmK
-----END PGP SIGNATURE-----