rhel6: selinux boolean "use_nfs_home_dirs" should allow "automount_tmp_t:dir search"

Solution Unverified - Updated -

Issue

  • we're using nfs(3) home directories in combination with RHEL6
  • the use_nfs_home_dirs boolean is on.
  • this boolean allows sshd and xauth access to nfs_t files, which happens to be the type for a user's home directory.
  • however we still had issues with selinux blocking sshd from reading public keys and xauth from creating .Xauthority files
  • analysis of the avc messages (after disabling the dont-audit rules) shows that sshd and xauth are blocked access to automount_tmp_t
  • It turns out that during the login process the home directory transitions from automount_tmp_t to nfs_t
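
The AVC analysis described above can be reproduced by grouping denials by source domain and target type. This is an added example, not part of the original article: the log lines are constructed samples and the function names are hypothetical. On a real host the records would come from /var/log/audit/audit.log or `ausearch -m avc`, collected after `semodule -DB` has disabled the dontaudit rules (`semodule -B` restores them).

```python
import re
from collections import Counter

# Constructed sample audit.log lines (illustrative only, not from the article).
SAMPLE_LOG = """\
type=AVC msg=audit(1400000000.101:501): avc:  denied  { search } for  pid=2101 comm="sshd" name="user1" dev=dm-0 ino=1001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:automount_tmp_t:s0 tclass=dir
type=USER_AUTH msg=audit(1400000000.150:502): user pid=2101 uid=0 msg='op=pubkey acct="user1" res=failed'
type=AVC msg=audit(1400000001.202:503): avc:  denied  { search } for  pid=2110 comm="xauth" name="user1" dev=dm-0 ino=1001 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:automount_tmp_t:s0 tclass=dir
type=AVC msg=audit(1400000002.303:504): avc:  denied  { getattr } for  pid=2200 comm="httpd" path="/var/www/x" dev=dm-0 ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1400000003.404:505): avc:  denied  { search } for  pid=2301 comm="sshd" name="user2" dev=dm-0 ino=1002 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:automount_tmp_t:s0 tclass=dir
"""

# Matches the fields of an "avc: denied" record that matter for policy analysis.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denials(text):
    """Parse AVC denial records; non-AVC lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            denials.append({
                "comm": m.group("comm"),
                "stype": selinux_type(m.group("scontext")),
                "ttype": selinux_type(m.group("tcontext")),
                "tclass": m.group("tclass"),
                "perms": m.group("perms").split(),
            })
    return denials

def summarize(denials, target_type):
    """Count (source type, target type, class, permission) for one target type."""
    counts = Counter()
    for d in denials:
        if d["ttype"] == target_type:
            for perm in d["perms"]:
                counts[(d["stype"], d["ttype"], d["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(parse_denials(SAMPLE_LOG), "automount_tmp_t").items()):
        print("%d x %s -> %s:%s { %s }" % ((n,) + key))
```
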

Environment

  • Red Hat Enterprise Linux (RHEL) 6.6
  • selinux-policy-3.7.19-260.el6_6.1
  • selinux
