| Summary: | xauth doesn't transition to xauth_t | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Pierre Ossman <ossman> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, pierre-bugzilla |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-12-19 20:37:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Pierre Ossman
2013-12-18 10:35:55 UTC
We removed the transition from unconfined_t to many domains. Hmm... Ok. This does make it difficult to write file context globs though. The Xauthority file for different users will have different contexts depending on which context the user is allowed to use. Maybe xauth_home_t and such need to go away? The reason why we could remove these transitions is the fact we have "File Name Transitions". So for example $ sesearch -T |grep \".Xauthority Ah, I see. Thanks. I'll have to look at the current policy and see how to apply similar changes to our policy module. If something let me know. We can help you. |