fedora-selinux January 2012 archive
fedora-selinux: Re: Creating files from initrc_t

Re: Creating files from initrc_t

From: Dominick Grift <dominick.grift_at_nospam>
Date: Mon Jan 23 2012 - 16:19:38 GMT
To: selinux@lists.fedoraproject.org

On Mon, 2012-01-23 at 15:57 +0000, Moray Henderson wrote:
> Hi
>
> On CentOS 5.6, I have just noticed that if a process running under context
> initrc_t creates a file or directory within a user's home directory, that
> object gets user_home_dir_t.
>
> If an unconfined_t process does the same thing, they correctly get
> user_home_t.
>
> Was this a bug or a feature?
>
> selinux-policy-2.4.6-300.el5_6.1
> selinux-policy-targeted-2.4.6-300.el5_6.1
>
>
> Moray.
> "To err is human; to purr, feline."

I guess that depends on how you look at it, but compared to recent Fedora
policy I guess you could consider this to be a bug.

This is supported in Fedora 16:

# sesearch --allow -s initrc_t -t user_home_dir_t -T | grep user_home_t
   type_transition initrc_t user_home_dir_t : file user_home_t;
   type_transition initrc_t user_home_dir_t : dir user_home_t;
   type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
   type_transition initrc_t user_home_dir_t : sock_file user_home_t;
   type_transition initrc_t user_home_dir_t : fifo_file user_home_t;

>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
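
Added example, not part of the original message: a small shell check that works out which type a new object receives, given `sesearch -T` style rules on stdin. It relies on standard SELinux behaviour: when no `type_transition` rule matches (and the process has not set a file-creation context), a new object inherits the type of its parent directory. The function names `new_object_type` and `label_report` are hypothetical, and the empty rule set is constructed to model a policy without the rules shown for Fedora 16.

```shell
#!/bin/sh
# Rules copied from the Fedora 16 sesearch output quoted in the message.
F16_RULES='   type_transition initrc_t user_home_dir_t : file user_home_t;
   type_transition initrc_t user_home_dir_t : dir user_home_t;
   type_transition initrc_t user_home_dir_t : lnk_file user_home_t;
   type_transition initrc_t user_home_dir_t : sock_file user_home_t;
   type_transition initrc_t user_home_dir_t : fifo_file user_home_t;'
# Constructed: stands in for a policy that has no such rule.
NO_RULES=''

# new_object_type SRC PARENT CLASS   (hypothetical helper; rules on stdin)
# Prints the type a new object of CLASS gets when a SRC process creates it
# in a directory labelled PARENT: the type_transition default if a rule
# matches, otherwise the parent directory's type.
new_object_type() {
    awk -v src="$1" -v parent="$2" -v cls="$3" '
        { gsub(/[:;]/, " ") }   # accept both "a b : c d;" and "a b:c d;"
        # NF == 5 skips name-based transitions, which carry a file name.
        $1 == "type_transition" && $2 == src && $3 == parent &&
            $4 == cls && NF == 5 { result = $5 }
        END { print (result != "" ? result : parent) }
    '
}

# label_report RULES   (hypothetical helper)
# Prints "class=type" for each object class listed in the message.
label_report() {
    for cls in file dir lnk_file sock_file fifo_file; do
        printf '%s=%s\n' "$cls" "$(printf '%s\n' "$1" |
            new_object_type initrc_t user_home_dir_t "$cls")"
    done
}

echo "With the Fedora 16 rules:"
label_report "$F16_RULES"
echo "With no matching rule:"
label_report "$NO_RULES"
```

On a live system the rules can be piped in from `sesearch -T -s initrc_t -t user_home_dir_t` instead of the embedded samples.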
