user's home directory labeled incorrectly when created with useradd

Bug #347540 reported by Marshall Miller
Affects: shadow (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: passwd

Ubuntu version: Hardy
passwd version: 4.0.18.2

Steps to reproduce:
Install selinux
    apt-get install selinux

Create user with non-default selinux user login mapping
    useradd -m -G admin adminuser
    passwd adminuser
    semanage login -a -s root adminuser

Login as adminuser and create a user
    sudo useradd -m testuser

View the SELinux label assigned to testuser's home directory
    ls -dZ /home/testuser

Expected behavior:
The directory /home/testuser should be labeled
unconfined_u:object_r:user_home_dir_t:s0.

Actual behavior:
The directory /home/testuser is labeled
root:object_r:user_home_dir_t:s0.

This is not a problem unless UBAC is enabled in SELinux policy. If it
were enabled, testuser would not be able to create any files in his/her
home directory.

Attached is a copy of the patch used in Fedora 11's shadow-utils-4.1.2-11.fc11 that
has been modified to apply last in the series of patches in the version
of passwd listed above. The patch also adds the -Z option to
useradd/usermod, which allows the SELinux user associated with a user to
be set when the user is created.
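
An added example, not part of the original report or of the shadow package: a shell check that flags home directories whose SELinux user field differs from the SELinux user mapped to the owning login, which is the mismatch described above. The sample tables are constructed, the login "alice" is hypothetical, and the two-column "login seuser" input format is an assumption (the first two columns of `semanage login -l` fit it).

```shell
#!/bin/sh
# Added example: compare each home directory's SELinux user with the
# SELinux user mapped to its owner's login.

# Constructed sample of login mappings ("login seuser" per line),
# mirroring the mapping created in the report.
SAMPLE_MAPPINGS='__default__ unconfined_u
adminuser root'

# Constructed sample of "login context path" records, e.g. assembled from
# `ls -dZ /home/*` plus each directory's owner.
SAMPLE_HOMES='adminuser root:object_r:user_home_dir_t:s0 /home/adminuser
testuser root:object_r:user_home_dir_t:s0 /home/testuser
alice unconfined_u:object_r:user_home_dir_t:s0 /home/alice'

# Print the SELinux user (first colon-separated field) of a context.
seuser_of_context() {
    printf '%s\n' "${1%%:*}"
}

# Print the SELinux user mapped to login $1, falling back to __default__.
# $2 is the mapping table text.
expected_seuser() {
    printf '%s\n' "$2" | awk -v login="$1" '
        $1 == login         { exact = $2 }
        $1 == "__default__" { dflt = $2 }
        END { print (exact != "" ? exact : dflt) }'
}

# Print one line per mislabeled home directory.
# $1 = home records, $2 = mapping table.
audit_home_labels() {
    printf '%s\n' "$1" | while read -r login context path; do
        [ -n "$login" ] || continue
        want=$(expected_seuser "$login" "$2")
        have=$(seuser_of_context "$context")
        if [ "$have" != "$want" ]; then
            printf 'MISLABELED %s have=%s want=%s\n' "$path" "$have" "$want"
        fi
    done
}

audit_home_labels "$SAMPLE_HOMES" "$SAMPLE_MAPPINGS"
```
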
