On Fri, Feb 09, 2007 at 04:37:42PM -0500, Linda Knippers wrote: > Hi Klaus, > > > Simplify admin account creation, work around autorelabel $HOME issues > > I don't think this works. I think the useradd command isn't doing what > we expect. With a command like this (taken right out of the ks script): > useradd -m -c "ljk2" -G wheel -Z staff_u ljk2 > I end up with an ljk2 user that is staff_u:s0 (note s0) in > /etc/selinux/mls/seusers. > > The home directory is labeled: > user_u:object_r:user_home_dir_t:SystemLow-SystemHigh > > If I do a restorecon -v I get this: > restorecon reset /home/ljk2 context > user_u:object_r:user_home_dir_t:s0-s15:c0.c1023->staff_u:object_r:staff_home_dir_t:s0-s15:c0.c1023 > > There's a comment in the ks script: > # no need to set MLS level, > # staff_u defaults to SystemLow-SystemHigh range > But that doesn't seem to be the case. > > If staff_u is supposed to default to SystemLow-SystemHigh then useradd isn't > doing the right thing when it creates the selinux user and it doesn't seem to > be creating the home directory with the right context. > > Should I open a new bugzilla or does Dan think we need the semanage and > restorecon no matter what?
I'm adding the semanage and restorecon again. If they are redundant due to other tool fixes we can always remove them again, but they shouldn't hurt. -Klaus -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
