Bug 120164

Summary: preferences GUI loses file context
Product: [Fedora] Fedora
Reporter: Tim Waugh <twaugh>
Component: xscreensaver
Assignee: Ray Strode [halfline] <rstrode>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: rawhide
CC: dwalsh, gczarcinski
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-11-02 20:03:30 UTC
Bug Blocks: 114963, 123268
Attachments: Propagate file security context to rewritten config file (flags: none)

Description Tim Waugh 2004-04-06 15:11:43 UTC
Description of problem:
Adjusting screensaver preferences using Preferences->Screensaver from
the menu loses the file context on ~/.xscreensaver.

Version-Release number of selected component (if applicable):
xscreensaver-4.14-4
policy-1.9.2-13

How reproducible:
100%

Steps to Reproduce:
1. su - 
   /sbin/restorecon /home/user/.xscreensaver
2. As user: ls -Z .xscreensaver
3. Preferences->Screensaver, exit
4. ls -Z .xscreensaver
  
Actual results:
starts as system_u:object_r:user_screensaver_rw_t
ends as user_u:object_r:user_home_t

It needs to retain its file context.

Comment 1 Bill Nottingham 2004-04-06 15:30:18 UTC
I'll respond to the list. I'm not sure why xscreensaver needs a
separate context.


Comment 2 Daniel Walsh 2004-04-06 15:35:53 UTC
Because it needs to read the /etc/passwd file when you lock it.

Dan

Comment 3 Bill Nottingham 2004-04-06 15:53:41 UTC
Unlocking is done via PAM, so any access to /etc/shadow is cordoned
off there.

Comment 4 Daniel Walsh 2004-04-06 17:37:54 UTC
Yes, but policy does not allow random executables to run unix_chkpwd,
which is what pam is running to check and modify the passwd file.

Dan

Comment 5 Ray Strode [halfline] 2004-11-02 19:59:05 UTC
Created attachment 106087
Propagate file security context to rewritten config file

Hi Dan,

Is this bug still relevant?

I don't know much about how SELinux works, but I'm guessing a bit based on
<selinux/selinux.h>.  Is the above patch what you're looking for?

Comment 6 Daniel Walsh 2004-11-02 20:03:30 UTC
No, this is no longer a bug; screensaver is now run under the regular
user's context, so the file gets labeled correctly.

Dan