From c9e40e083e2f92be6ff7e2f71c60f2cfbb625145 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 6 Feb 2019 10:28:11 -0500
Subject: [PATCH] Drop /var/home -> /home equivalency rule

This was previously needed because on RPM-OSTree systems, user homes
were located in `/var/home` while the default home specified in
`etc/default/useradd` was still `/home`. This meant that `genhomedircon`
(which parses `/etc/default/useradd` to find the homedir) rendered the
`HOME_DIR` template rules as `/home` into `file_contexts.homedirs`. So
then, we needed this equivalency rule so that `/var/home/...` was
equivalent to the generated `/home/...` rules.

Now however, RPM-OSTree correctly fixes `/etc/default/useradd` to point
to `/var/home` [1]. This now means that `file_contexts.homedirs` does
correctly hold `/var/home/...` rules. Thus we no longer need this
equivalency rule. In fact, it now actively prevents proper labeling of
the home dirs since `/home/...` is now considered `default_t` [2]. If
anything, we'd want the *inverse* rule of `/home --> `/var/home`, but
only on RPM-OSTree systems, which I'm not sure how easy it'd be to do
here. In practice, since SELinux uses the resolved path before matching
a rule, all paths under `/home/...` will end up as `/var/home/...`.

IOW, the hack we added to make `/var/home` labeled like `/home` on
RPM-OSTree systems is no longer needed now that RPM-OSTree correctly
sets `HOME`, which SELinux picks up on.

As for root's home, it's part of the main context list and isn't
templated, so it's always `/root`, and so we do still need the
equivalency rule there.

[1] https://github.com/projectatomic/rpm-ostree/pull/1726
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1669982
---
 file_contexts.subs_dist | 1 -
 1 file changed, 1 deletion(-)

diff --git a/file_contexts.subs_dist b/file_contexts.subs_dist
index 2df2d45a..f64b2317 100644
--- a/file_contexts.subs_dist
+++ b/file_contexts.subs_dist
@@ -12,7 +12,6 @@
 /var/lib/xguest/home /home
 /var/named/chroot/usr/lib64 /usr/lib
 /var/named/chroot/lib64 /usr/lib
-/var/home            /home
 /home-inst            /home
 /home/home-inst            /home
 /var/roothome        /root