Re: pam_namespace context inside of name.inst

["Justin P. Mattock" <justinmattock@gmail.com>]

Dominick Grift wrote:
> On Sat, Sep 26, 2009 at 11:12:20PM -0700, Justin Mattock wrote:
>    
>> I'm going crazy over here trying to figure
>> out how one system created a context inside
>> name.inst one way and another for the other system:
>>
>> the first system has inside of
>> name.inst:
>> system_u:object_r:file_t_name
>>      
>
> This is wrong because the fs wasnt labelled properly
>    
That's what I figured,(this is the system that I did not label
before turning on namespace).
>> and on the other system I have:
>>
>> name:object_r:user_home_dir_t_name
>>      
>
> This is right
>    
This is from the system that was labeled before turning on namespace.
>    
>> the only difference with the machines is one machine
>> had not been labeled yet, before turning on namespace.
>>
>> what should be the right context directory inside of
>> name.inst?
>>      
>
> Depends, i think theres 3 different possibilities (not sure)
>
> first theres only name (no selinux) which create a dir with the user name
> second is context which create a dir with the context of the usre home dir (user_home_dir_t and appends the user name
> third is level , which creates a dir with the context of the user home dir and appends the username and also appends the level of the dir.
>
>    
>> -- 
>> Justin P. Mattock
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>      
So either you can use(name,context,level) or (meth=1,2,3)?
(I'm wondering if this is all I need to configure)

Anyways what's getting me is after the initial loading
of namespace, the directory is created with the context
(namespace.conf is set to it's default).
Then after wards I haven't found a way to change that directory
(besides using mv, or cp)from what it is(*file_t) to
the correct context(*home_dir_t)

if I delete that directory, then logout/in namespace does not
create another. Is there a way to reset namespace and start fresh
since I messed up and turned on namespace before labeling my filesystem,
causing it to somehow be stuck with the wrong labeled context?

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.