There should be a file context equivalence mapping between /var/home and /home.
matchpathcon /var/home/tob /var/home/tob unconfined_u:object_r:user_home_dir_t:s0 It should definitely not be default_t. On 09/15/2015 10:39 AM, Tobias Florek wrote: > Hi, > > after fixing the ostree-provided fs labels, there seem to be additional > problems. E.g.: > > # ls -Z /var/home/tob -d > unconfined_u:object_r:default_t:s0 /var/home/tob/ > > which should most likely be unconfined_u:object_r:user_home_dir_t:s0. > > That's most likely the cause of many more ssh AVCs I get. > > Reading through the list of AVCs I get the feeling that most files are > mislabeled. restorecon -n does not say anything is wrong, so I am led to > believe that restorecon does not know its way on atomic hosts. > > > I will keep that machine to debug the selinux tools, if you think that's > reasonable. > > > Cheers, > Tobias Florek
