On master branch:
On F25, create an IPA MASTER (with mkhomedir) and a client (with mkhomedir).
Create a home directory (/freeipa_home) on MASTER and client
dr-xr-xr-x. 21 root root system_u:object_r:root_t:s0 4096 Feb 15 16:35 /
drwxrwxrwx. 3 root root unconfined_u:object_r:default_t:s0 4096 Feb 15 16:37 /freeipa_home
On Master, create 'user', set its home directory under /freeipa_home, kinit succeeds, 'su - user' succeeds in creating the home directory.
On client, kinit succeeds but 'su - user' fails to create the home directory, with this AVC:
type=AVC msg=audit(1487174950.715:2781): avc: denied { write } for pid=124651 comm="mkhomedir" name="freeipa_home" dev="dm-0" ino=406364 scontext=unconfined_u:unconfined_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
Workaround: run in permissive mode
Was reported as part of: https://bugzilla.redhat.com/show_bug.cgi?id=1426646
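To read the denial above field by field, the following added example (not part of the ticket or of FreeIPA) parses the AVC record into its source domain, target type, class and permission. The triage() helper and its wording are hypothetical; the record is the one quoted in the ticket.

```python
import re
from datetime import datetime, timezone

# AVC record copied verbatim from the ticket.
TICKET_AVC = (
    'type=AVC msg=audit(1487174950.715:2781): avc: denied { write } for '
    'pid=124651 comm="mkhomedir" name="freeipa_home" dev="dm-0" ino=406364 '
    'scontext=unconfined_u:unconfined_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0'
)

HEADER = re.compile(r'type=AVC msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+'
                    r'(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type:level; the MLS level may itself contain ':'."""
    user, role, setype, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype, "level": level}

def parse_avc(line):
    m = HEADER.search(line)
    if not m:
        raise ValueError("not an AVC record")
    secs, serial, result, perms, rest = m.groups()
    f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return {
        "time": datetime.fromtimestamp(int(secs), tz=timezone.utc),
        "serial": int(serial), "result": result, "perms": perms.split(),
        "comm": f.get("comm"), "name": f.get("name"),
        "source": split_context(f["scontext"]),
        "target": split_context(f["tcontext"]),
        "tclass": f["tclass"], "enforced": f.get("permissive") == "0",
    }

def triage(rec):
    """Hypothetical triage notes for a parsed record (not a tool's output)."""
    notes = []
    if rec["result"] == "denied" and rec["enforced"]:
        notes.append("blocked: domain %s, perms %s, on %s of type %s" % (
            rec["source"]["type"], ",".join(rec["perms"]),
            rec["tclass"], rec["target"]["type"]))
    if rec["target"]["type"] == "default_t":
        # default_t is what a path gets when no file-context rule matches it.
        notes.append("target %r is default_t: no file-context rule matched"
                     % rec["name"])
    return notes

if __name__ == "__main__":
    for note in triage(parse_avc(TICKET_AVC)):
        print(note)
```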
Metadata Update from @tbordaz: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.5.2 (was: FreeIPA 4.5.1)
FreeIPA 4.5.1 has been released, moving to FreeIPA 4.5.2 milestone
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.5.2)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)
Fixed in selinux-policy-3.13.1-251.fc26
Metadata Update from @rcritten: - Custom field blocking reset (from #6592) - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)