SELinux Mailing List

Question about policy files and users

From: Michael Reilly <michaelr_at_cisco.com>
Date: Fri, 3 Oct 2003 21:00:14 -0700

I downloaded the policy files from http://www.coker.com.au/selinux/policy/ and installed them on my Slackware system along with the selinux patches, utils, etc. from the NSA site (the August release for a 2.4.21 kernel and the old version of the API patches).

Everything went pretty well - I am now working on cleaning up the policy to get rid of the remaining avc denied messages.

While working on this I noticed in the policy files I downloaded (and the original policy files included in the downloaded files from the NSA site) in file_contexts/types.fc this entry -

/home/jadmin/(/.*)? system_u:object_r:staff_home_t

(I, of course, replaced jadmin with my login name). My question is why is the entry not -

/home/jadmin/(/.*)? jadmin_u:object_r:staff_home_t

When I created new files in my login directory while the selinux kernel is running they are labeled jadmin_u:object_r:staff_home_t

Being new to selinux I think I am missing something - why are the home directory and the files in that directory not set to the id of the owner (jadmin_u) instead of system_u? And is my system doing something wrong by labeling newly created files in my login directory jadmin_u:object_r:staff_home_t?

BTW - I installed gentoo selinux on a different machine. Their installation guide indicates that the latter (jadmin_u:object_r:staff_home_t) is correct and the policy files should be edited to use the jadmin_u.

Thanks for any help you can provide.

michael

-- 
---- ---- ----
Michael Reilly    michaelr@cisco.com
    Cisco Systems, Santa Cruz, CA

Received on Sat 4 Oct 2003 - 00:00:59 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service