On Sat, Apr 23, 2016 at 8:04 AM, Jason Zaman <jason@perfinion.com> wrote:

Version 2 of the genhomedircon patches. These fix a few issues
that Nicolas Iooss found.

Changes from v1:

- Changed the fallback for the username to "[^/]+" instead of
"[^/]*" or ".*"
- Made args const in write_replacements()
- Combined the %{USERNAME} and %{USERID} replacements into one
method so they both get called together. This means that
fcontexts like "%{USERNAME}-%{USERID}" become eg "root-0"
as expected.
- I left the gid param in the struct for now. genhomedircon
does not generate things for eg "%wheel" which I will look
into later.

Hello,

I have read these patches and tested them on my system. They seem to work fine: I added some corner-case file context patterns to my policy (mixing USER, %{USERNAME}, %{USERID}, ROLE and system_u) and checked the content of /etc/selinux/.../contexts/files/file_contexts.homedirs, the result of "matchpathcon" (on existing and non-existing paths) and the behavior of systemd-logind (which labels correctly the files). This set of patches looks good to me.

Thanks,

Nicolas