Wrong SELinux context for files in the home directory after login
Issue
There is a problem logging in to the host. A third-party authentication application (Centrify) is in use.
The default targeted policy is in use, in enforcing mode:
$ cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
$ getenforce
Enforcing
However, the first login is rejected, with the following error in audit.log:
type=AVC msg=audit(1382610901.925:1575): avc: denied { read } for pid=7052 comm="sshd" name=".k5login" dev=dm-5 ino=22 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
Login works fine after restorecon is run for .k5login:
$ restorecon -rv .
restorecon reset /home/user/.kshrc context system_u:object_r:user_home_dir_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /home/user/.bash_profile context system_u:object_r:user_home_dir_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /home/user/.k5login context system_u:object_r:user_home_dir_t:s0->system_u:object_r:krb5_home_t:s0
restorecon reset /home/user/.bash_logout context system_u:object_r:user_home_dir_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /home/user/.bashrc context system_u:object_r:user_home_dir_t:s0->system_u:object_r:user_home_t:s0
$ ls -laZ
drwx------. user group unconfined_u:object_r:user_home_dir_t:s0 .
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 ..
-rw-------. user group unconfined_u:object_r:user_home_t:s0 .bash_history
-rw-r--r--. user group system_u:object_r:user_home_t:s0 .bash_logout
-rw-r--r--. user group system_u:object_r:user_home_t:s0 .bash_profile
-rw-r--r--. user group system_u:object_r:user_home_t:s0 .bashrc
-rw-------. user group system_u:object_r:krb5_home_t:s0 .k5login
-rw-r--r--. user group system_u:object_r:user_home_t:s0 .kshrc
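As an added example (not part of the original article), the following Python script parses AVC denials like the one above and flags those whose target is a regular file (tclass=file) still carrying the directory type user_home_dir_t, which is the labeling the restorecon output above corrects. The sample log is constructed: its first record is the denial from this page and the second is invented; the function names are illustrative.

```python
import re

# Constructed sample: the first record is the denial quoted on this page,
# the second is a made-up unrelated denial that must not be flagged.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1382610901.925:1575): avc: denied { read } for pid=7052 comm="sshd" name=".k5login" dev=dm-5 ino=22 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1382610950.100:1580): avc: denied { getattr } for pid=7100 comm="httpd" name="index.html" dev=dm-5 ino=40 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the fields of one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may itself contain colons,
    # so the type is always the third colon-separated element.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def mislabeled_home_files(log_text):
    """Denials whose target is a regular file carrying the home *directory* type."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get('tclass') == 'file' and rec['ttype'] == 'user_home_dir_t':
            hits.append(rec)
    return hits

if __name__ == '__main__':
    for r in mislabeled_home_files(SAMPLE_AUDIT_LOG):
        print(f"{r['comm']} (domain {r['stype']}) denied {r['perms']} on {r['name']}: "
              f"file is labelled {r['ttype']}; check with restorecon -nv")
```

Running restorecon with -n reports the labels it would change without modifying them, so the flagged files can be confirmed before anything is relabeled.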
Environment
Red Hat Enterprise Linux 6
