It works and will override the labels of home dir that SELinux applied, that's the issue.
For SELinux enabled system, the user's home dir should have lavel 'user_home_dir_t' instead of 'etc_t', it prevents users from creating files in their home dir. Thanks Wenzong ________________________________________ From: Patrick Ohly [[email protected]] Sent: Thursday, January 04, 2018 7:50 PM To: Fan, Wenzong; José Bollo Cc: [email protected] Subject: Re: [OE-core] [PATCH] shadow: 'useradd' copies root's extended attributes On Thu, 2018-01-04 at 19:39 +0800, wenzong fan wrote: > If so, I think we should wrapper the logic with: > > +#if defined(WITH_ATTR) && !defined(WITH_SELINUX) > + attr_copy_file (def_template, user_home, NULL, NULL); > +#endif Does attr_copy_file fail when SELinux is active? In other words, why should it be disabled when using SELinux? File capabilities are also stored in xattrs. It might be relevant to copy those when using SELinux. Or do I miss something? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
