[OE-core] [PATCH] shadow: 'useradd' copies root's extended attributes
wenzong fan
wenzong.fan at windriver.com
Wed Jan 10 09:50:19 UTC 2018
On 01/10/2018 01:01 AM, Patrick Ohly wrote:
> On Fri, 2018-01-05 at 01:07 +0000, Fan, Wenzong wrote:
>> It works and will override the labels of home dir that SELinux
>> applied, that's the issue.
>>
>> For SELinux enabled system, the user's home dir should have label
>> 'user_home_dir_t' instead of 'etc_t', it prevents users from creating
>> files in their home dir.
>
> Sounds like the "copy xattr" function needs to become a bit smarter: it
> needs to understand some of the semantic involved and skip those
> SELinux xattrs that are always meant to be set dynamically by the
> running kernel.
>
> Wenzong, which xattrs are those? Do you agree with the proposed
> solution?

The xattr for selinux is "security.selinux":

$ getfattr -n security.selinux /home/t1
security.selinux="user_u:object_r:user_home_dir_t:s0-s15:c0.c1023"

I think the "attr_copy_file()" is doing the right thing, but it should be
used in a limited situation, such as only for Smack ...

Thanks
Wenzong

>
> Jose, can you look into updating your patch accordingly?
>
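
A sketch of the "smarter copy" proposed in the thread, as an added example that is not code from the shadow patch or from either poster. It copies extended attributes by name and leaves "security.selinux" unset on the destination. The function names and the one-entry skip list are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical skip list: labels that are left for SELinux to assign. */
static const char *const skip_names[] = { "security.selinux", NULL };

/* Returns 1 if the named attribute may be copied, 0 if it must be skipped. */
int xattr_should_copy(const char *name)
{
    for (size_t i = 0; skip_names[i]; i++)
        if (strcmp(name, skip_names[i]) == 0)
            return 0;
    return 1;
}

/* Copies permitted xattrs from src to dst; returns the count copied or -1. */
int copy_xattrs_filtered(const char *src, const char *dst)
{
    ssize_t len = listxattr(src, NULL, 0);      /* size of the name list */
    if (len <= 0)
        return (len == 0 || errno == ENOTSUP) ? 0 : -1;
    char *names = malloc((size_t)len);
    if (!names)
        return -1;
    len = listxattr(src, names, (size_t)len);   /* NUL-separated names */
    int copied = len < 0 ? -1 : 0;
    for (char *n = names; copied >= 0 && n < names + len; n += strlen(n) + 1) {
        if (!xattr_should_copy(n))
            continue;                           /* dst keeps its own label */
        ssize_t vlen = getxattr(src, n, NULL, 0);
        char *val = vlen >= 0 ? malloc((size_t)vlen + 1) : NULL;
        if (!val || (vlen = getxattr(src, n, val, (size_t)vlen)) < 0 ||
            setxattr(dst, n, val, (size_t)vlen, 0) < 0)
            copied = -1;                        /* stop on the first failure */
        else
            copied++;
        free(val);
    }
    free(names);
    return copied;
}

int main(int argc, char **argv)
{
    return argc == 3 && copy_xattrs_filtered(argv[1], argv[2]) >= 0 ? 0 : 1;
}
```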