genhomedircon and passwd

genhomedircon and passwd

[Dominick Grift]

Users managed with systemd-homed/userdbd do not get their contexts
generated by genhomedircon on autorelabel at the least (semodule -B
causes genhomedircon to generate contexts for these users just fine).

selinux-autorelabel calls fixfiles and fixfiles calls genhomedircon
genhomedircon skips the users on
https://github.com/SELinuxProject/selinux/blob/master/libsemanage/src/genhomedircon.c#L1015
Users managed by systemd-homed/userdbd do not have an entry in
/etc/passwd.

-- 
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

Re: genhomedircon and passwd

[Dominick Grift]

On 7/14/20 8:26 AM, Dominick Grift wrote:
> 
> Users managed with systemd-homed/userdbd do not get their contexts
> generated by genhomedircon on autorelabel at the least (semodule -B
> causes genhomedircon to generate contexts for these users just fine).
> 
> selinux-autorelabel calls fixfiles and fixfiles calls genhomedircon
> genhomedircon skips the users on
> https://github.com/SELinuxProject/selinux/blob/master/libsemanage/src/genhomedircon.c#L1015
> Users managed by systemd-homed/userdbd do not have an entry in
> /etc/passwd.
> 

Never mind. I guess this is an issue with selinux-autorelabel instead.
It probably depends on a running systemd-userdb so that getent passwd
USER returns the record. The selinux-autorelabel.service unit should
probably pull in systemd-userdbd.