[refpolicy] services_oddjob.patch
Daniel J Walsh
dwalsh at redhat.com
Tue Oct 14 15:12:18 CDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_oddjob.patch
Fix labeling on /usr/lib(64)?/oddjob/mkhomedir
Oddjob will change the user on behalf of the caller, so the caller needs
the + domain_user_exemption_target($1)
Add interface to run mkhomedir
Oddjob sets user and role
Needs to be run with all mcs range
mkhomedir needs chown fowner fsetid dac_override to create homedir
contents
Calls setfscreate to make sure things are labeled correctly
Reads kernel state and calls getpw so needs auth_use_nsswitch
Sends syslog messages
Validates file context
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj0/SIACgkQrlYvE4MpobPU1gCfY5/ihfa9K64Uk6xtBIwFTc0y
VQUAnRTrj4RGxwivjSEVrYuVpElEh9dh
=ztmK
-----END PGP SIGNATURE-----
More information about the refpolicy
mailing list