Patch to correct genhomedircon homedir labeling.

Patch to correct genhomedircon homedir labeling.

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 314 bytes --]

semanage can change the __default__ login mapping command to a user 
other than user_u.  This patch will cause genhomedircon to use this 
setting rather than currently always using user_u.

semanage login -m -s staff_u __default__


Should cause all login accounts added by useradd to use staff_home* by 
default.

[-- Attachment #2: genhomedircon.patch --]
[-- Type: text/x-patch, Size: 2355 bytes --]

--- nsapolicycoreutils/scripts/genhomedircon	2007-04-24 10:36:17.000000000 -0400
+++ policycoreutils-2.0.9/scripts/genhomedircon	2007-04-20 13:58:01.000000000 -0400
@@ -136,6 +136,9 @@
 		self.contextdir = "/contexts"
 		self.filecontextdir = self.contextdir+"/files"
 		self.usepwd = usepwd
+		self.default_user = "user_u"
+		self.default_prefix = "user"
+		self.users = self.getUsers()
 
 	def getFileContextDir(self):
 		return self.selinuxdir+self.type+self.filecontextdir
@@ -212,6 +215,10 @@
 		prefs["prefix"] = prefix
 		prefs["home"] = home
 		udict[user] = prefs
+			
+	def setDefaultUser(self, user, prefix):
+		self.default_user = user
+		self.default_prefix = prefix
 		
 	def getUsers(self):
 		udict = {}
@@ -220,7 +227,11 @@
 			for seuser in list:
 				user = []
 				seusername = semanage_seuser_get_sename(seuser)
-				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername))
+				prefix = self.get_default_prefix(seusername)
+				if semanage_seuser_get_name(seuser) == "__default__":
+					self.setDefaultUser(seusername, prefix)
+
+				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
 				
 		else:
 			try:
@@ -270,12 +281,11 @@
 		return ret
 
 	def genHomeDirContext(self):
-		users = self.getUsers()
 		ret = ""
 		# Fill in HOME and prefix for users that are defined
-		for u in users.keys():
-			ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"])
-			ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"])
+		for u in self.users.keys():
+			ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
+			ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
 		return ret+"\n"
 
 	def checkExists(self, home):
@@ -322,9 +332,9 @@
 	def genoutput(self):
 		ret = self.heading()
 		for h in self.getHomeDirs():
-			ret += self.getHomeDirContext ("user_u", "user_u" , h+'/[^/]*', "user")
+			ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
 			ret += self.getHomeRootContext(h)
-		ret += self.getUserContext(".*", "user_u", "user") + "\n"
+		ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
 		ret += self.genHomeDirContext()
 		return ret
 

Re: Patch to correct genhomedircon homedir labeling.

[Stephen Smalley]

On Tue, 2007-04-24 at 10:42 -0400, Daniel J Walsh wrote:
> semanage can change the __default__ login mapping command to a user 
> other than user_u.  This patch will cause genhomedircon to use this 
> setting rather than currently always using user_u.
> 
> semanage login -m -s staff_u __default__
> 
> 
> Should cause all login accounts added by useradd to use staff_home* by 
> default.

Thanks, merged.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.