From: justinmattock@gmail.com (Justin Mattock)
Date: Wed, 24 Feb 2010 15:51:06 -0800
Subject: [refpolicy] home directory user context question
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I seem to be doing something wrong with the latest refpolicy from git
when configuring the user/login.

I have in policy/users:

gen_user(name,system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)

Then after reboot I:

/usr/sbin/semanage login -a -s name:name

Here's /usr/sbin/semanage user -l:

                Labeling    MLS/        MLS/
SELinux User    Prefix      MCS Level   MCS Range        SELinux Roles

name            system_u    s0          s0-s0:c0.c255    staff_r user_r sysadm_r
root            sysadm      s0          s0-s0:c0.c255    staff_r sysadm_r
staff_u         staff       s0          s0-s0:c0.c255    staff_r sysadm_r
sysadm_u        sysadm      s0          s0-s0:c0.c255    sysadm_r
system_u        user        s0          s0-s0:c0.c255    system_r
unconfined_u    unconfined  s0          s0-s0:c0.c255    unconfined_r
user_u          user        s0          s0               user_r

Then /usr/sbin/semanage login -l:

Login Name      SELinux User    MLS/MCS Range

__default__     user_u          s0
name            name            s0
root            root            s0-s0:c0.c255
system_u        system_u        s0-s0:c0.c255

For some reason my home directory is stuck with this context:

name:name user:object_r:user_home_t:s0 109 Feb 24 13:52 somefile
          ^

If I have the system in enforcing mode I cannot access any of the
files that have the start of the context "user:", but if I

chcon name:object_r:user_home_t:s0
      ^

I can access my info or change directories.

Am I missing something with my setup for user/login with semanage
that gets the contexts to have "user" at the beginning?

--
Justin P. Mattock