On Sat, Apr 23, 2016 at 8:04 AM, Jason Zaman <jason@perfinion.com> wrote:

> Version 2 of the genhomedircon patches. These fix a few issues
> that Nicolas Iooss found.
>
> Changes from v1:
>
> - Changed the fallback for the username to "[^/]+" instead of
>     "[^/]*" or ".*"
> - Made args const in write_replacements()
> - Combined the %{USERNAME} and %{USERID} replacements into one
>     method so they both get called together. This means that
>     fcontexts like "%{USERNAME}-%{USERID}" become eg "root-0"
>     as expected.
> - I left the gid param in the struct for now. genhomedircon
>     does not generate things for eg "%wheel" which I will look
>     into later.
>

Hello,
I have read these patches and tested them on my system. They seem to work
fine: I added some corner-case file context patterns to my policy (mixing
USER, %{USERNAME}, %{USERID}, ROLE and system_u) and checked the content of
/etc/selinux/.../contexts/files/file_contexts.homedirs, the result of
"matchpathcon" (on existing and non-existing paths) and the behavior of
systemd-logind (which labels correctly the files). This set of patches
looks good to me.

Thanks,
Nicolas