Submitted by Anonymous Sat 01 Feb 14
Edited Wed 12 Feb 14
The program says exactly what the problem is:
"Could not chdir to home directory /home/russell: Permission denied"
It cannot traverse /home/russell.
I actually like the transparent by default aspect of SELinux (which is just the same as with traditional Linux security) but programs can be made SELinux aware if they use libselinux functions.
The security policy is customizable so you can't (should not) hard-code based on assumptions.
Anyhow, the issue is pretty straightforward. SELinux stores security meta-data on file systems that support security extended attributes. You created a new file system that did not have security meta-data associated with it yet.
The "file_t" SELinux type is a type that is associated with an "initial security identifier" called file, which is used by SELinux for fail over.
Initial security identifiers are hard-coded in SELinux; customizable security identifiers like SELinux types can be associated with these "isids".
The file_t type was replaced by the unlabeled_t type recently to make things a bit simpler. If you see the unlabeled_t type associated with content then you know that either the content has no security meta-data or that one or more security identifiers in the content's security context is invalid.
So if you see content with the "file_t" type then you know that the content has no security meta-data associated with it yet.
To associate the security-metadata to the content simply run restorecon -R -v -F on the content (example: restorecon -R -v -F /home).
FTP serving user home content can be allowed conditionally with the boolean mentioned above: "ftp_home_dir". This is made conditional because often you do not want FTP to be able to read user home content.
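
An added example, not part of the comment above: a small shell filter that picks out paths carrying the file_t or unlabeled_t type before relabeling. The function names find_unlabeled and sample_contexts are hypothetical, the sample lines are constructed, and the input format assumed is "<context> <path>" as printed by GNU stat -c '%C %n'.

```shell
#!/bin/sh
# Added example: flag paths whose SELinux type indicates missing or
# invalid security meta-data (file_t or unlabeled_t).
# Assumed input: one "<context> <path>" pair per line, the format
# printed by:  stat -c '%C %n' <paths>   (GNU coreutils, SELinux host)

find_unlabeled() {
    # Reads "<context> <path>" lines on stdin and prints
    # "<type> <path>" for every path typed file_t or unlabeled_t.
    while IFS= read -r line; do
        ctx=${line%% *}      # first field: user:role:type[:level]
        path=${line#* }      # remainder: the path (may contain spaces)
        rest=${ctx#*:}       # strip the user field
        rest=${rest#*:}      # strip the role field
        setype=${rest%%:*}   # keep the type, drop any level/range
        case $setype in
            file_t|unlabeled_t) printf '%s %s\n' "$setype" "$path" ;;
        esac
    done
}

# Constructed sample input (not captured from a real system).
sample_contexts() {
    cat <<'EOF'
system_u:object_r:home_root_t:s0 /home
system_u:object_r:file_t:s0 /home/russell
system_u:object_r:unlabeled_t:s0 /home/russell/my files
unconfined_u:object_r:user_home_dir_t:s0 /home/other
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_contexts | find_unlabeled
```

On a live system the same filter can be fed with find /home -exec stat -c '%C %n' {} + and the reported paths relabeled with restorecon as described in the comment.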