Stephen Smalley wrote:
> On Mon, 2005-11-14 at 11:17 -0500, Daniel J Walsh wrote:
>
>> policycoreutils patch to genhomedircon to use libsemanage to read
>> seusers file.
>>
>
> A couple of concerns about upstreaming this patch as is:
> 1) Compatibility. In addition to dropping compatibility with the older
> usage of genhomedircon from FC3, the patch also doesn't provide any
> backward compatibility for the older system.users/local.users-based
> generation, and requires that the new seusers file be present. Is that
> ok? I suppose that genhomedircon is somewhat of an SELinux-internal
> helper at this point (only used by other core SELinux components like
> the policy Makefile and libsemanage), so as long as people don't try to
> install the latest policycoreutils on earlier systems without also
> updating their policy to a corresponding version, they shouldn't have a
> problem.
>

I don't believe anyone uses this method at present other than the developers so I didn't see this as a necessity to maintain.

> 2) Targeted policy specialization. defaultrole() has a hack for
> targeted policy to remap system_r to user_r as the default role for a
> user when system_r is returned by semanage, and getUsers() has a
> targeted policy-specific hack to handle the root entry in seusers when
> not using semanage. The latter will break anyone with strict policy
> that isn't converted to using semanage.
>
>

I thought in strict policy this would be a bug also. Since it should be returning something like staff_r or user_r. The previous patch had a problem on non libsemanaged machines.

--