-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Smalley wrote: > On Fri, 2007-09-28 at 09:51 -0400, Stephen Smalley wrote: >> On Fri, 2007-09-28 at 09:58 -0400, Daniel J Walsh wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Stephen Smalley wrote: >>>> On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote: >>>>> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote: >>>>>> This patch set fixes several regressions found in the new genhomedircon >>>>>> replacement. I've broken things up into their logical parts for easy >>>>>> reading. I've also included Dan's do_rebuild_file_context and swigify >>>>>> patches as a 4th diff. If we want to treat that completely separately >>>>>> we can. >>>>> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4 >>>>> together as a single commit. >>>>> >>>>> 2/4 applied as a bug fix independent of the others. >>>>> >>>>> 4/4 dropped except for Makefile swigify target. >>>>> >>>>> libsemanage 2.0.10. >>>> Looking again at the output, the order differs - the libsemanage >>>> genhomedircon puts the specific user entries first and then the >>>> generic /home entries, which seems wrong given that later entries take >>>> precedence for matchpathcon. genhomedircon script does the opposite. >>>> >>> It should be alright because of the specificity is greater. >>> >>> /home/dwalsh/.* >>> >>> vs >>> >>> /home/.* >> I don't think that works out in all cases, e.g. >> matchpathcon /home/xguest/.ssh yields a different result. > > Old order (genhomedircon script output): > # matchpathcon /home/xguest/.ssh > /home/xguest/.ssh xguest_u:object_r:xguest_home_t > > New order (latest libsemanage): > # matchpathcon /home/xguest/.ssh > /home/xguest/.ssh system_u:object_r:user_home_ssh_t > > Which did you want it to be? > Yes you are right. The problem is we need to find the failsafe account before writing the general account. How about this patch. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFG/RhdrlYvE4MpobMRAqTmAKDCE7++pT4Cyia9otRgxVKDGliybQCeORmj JjDY5P3SDBwohQRC5uPJwNU= =HkqG -----END PGP SIGNATURE-----