On 01/10/2018 01:01 AM, Patrick Ohly wrote:
> On Fri, 2018-01-05 at 01:07 +0000, Fan, Wenzong wrote:
>> It works and will override the labels of home dir that SELinux
>> applied, that's the issue.
>> For an SELinux-enabled system, the user's home dir should have the label
>> 'user_home_dir_t' instead of 'etc_t', it prevents users from creating
>> files in their home dir.
>
> Sounds like the "copy xattr" function needs to become a bit smarter: it
> needs to understand some of the semantics involved and skip those
> SELinux xattrs that are always meant to be set dynamically by the
> running kernel.
> Wenzong, which xattrs are those? Do you agree with the proposed
> solution?

The xattr for selinux is "security.selinux":

$ getfattr -n security.selinux /home/t1
security.selinux="user_u:object_r:user_home_dir_t:s0-s15:c0.c1023"

I think the "attr_copy_file()" is doing the right thing, but it should be
used in a limited situation, such as only for Smack ...

Thanks
Wenzong

> Jose, can you look into updating your patch accordingly?
--
_______________________________________________
Openembedded-core mailing list
http://lists.openembedded.org/mailman/listinfo/openembedded-core
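
A sketch of the "smarter copy xattr" idea from the thread, as an added example that is not the patch under discussion nor code from the project: it copies extended attributes with the Linux xattr syscalls but skips "security.selinux", so the label assigned by the SELinux policy on the new home directory is left alone. The function names `xattr_should_copy` and `copy_xattrs_filtered` are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical filter: 1 = copy this xattr, 0 = leave it to the policy.
 * "security.selinux" is the name given in the thread. */
int xattr_should_copy(const char *name)
{
    return strcmp(name, "security.selinux") != 0;
}

/* Copy xattrs from src to dst without following symlinks, skipping
 * filtered names. Returns the number copied, or -1 with errno set. */
int copy_xattrs_filtered(const char *src, const char *dst)
{
    ssize_t len = llistxattr(src, NULL, 0);   /* size of the name list */
    if (len <= 0)
        return (int)len;                      /* 0: nothing to copy, -1: error */
    char *names = malloc((size_t)len);
    if (!names)
        return -1;
    len = llistxattr(src, names, (size_t)len);
    if (len < 0)
        goto fail;
    int copied = 0;
    /* The list is a sequence of NUL-terminated names. */
    for (char *n = names; n < names + len; n += strlen(n) + 1) {
        if (!xattr_should_copy(n))
            continue;                         /* keep dst's own SELinux label */
        ssize_t vlen = lgetxattr(src, n, NULL, 0);
        if (vlen < 0)
            goto fail;
        char *val = malloc(vlen ? (size_t)vlen : 1);
        if (!val)
            goto fail;
        vlen = lgetxattr(src, n, val, (size_t)vlen);
        if (vlen < 0 || lsetxattr(dst, n, val, (size_t)vlen, 0) < 0) {
            int e = errno; free(val); errno = e;
            goto fail;
        }
        free(val);
        copied++;
    }
    free(names);
    return copied;
fail:
    { int e = errno; free(names); errno = e; }
    return -1;
}
```

With a filter like this, Smack attributes such as "security.SMACK64" are still copied, while the SELinux context stays as the policy set it.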