Bug 1659905
Summary: | Incorrect SELinux label of fontconfig cache directory | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Maciek Borzecki <maciek.borzecki> |
Component: | selinux-policy-targeted | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 29 | CC: | ajax, dwalsh, fonts-bugs, herrold, i18n-bugs, john.j5live, lvrabec, mclasen, pnemade, rhughes, rstrode, sandmann, tagoh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-18 01:56:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Maciek Borzecki
2018-12-17 07:45:36 UTC
Similarly $HOME/.config/fontconfig/fonts.conf and $HOME/.config/fontconfig/conf.d/* for user_fonts_config_t and $HOME/.cache/fontconfig/* for user_fonts_cache_t Hi, Thank you for reporting the issue. I am currently checking the possible ways of resolving as there are already rules for the per-application configuration directories. # semanage fcontext -l| grep /home.*fonts_cache_t /home/[^/]+/\.fontconfig(/.*)? all files unconfined_u:object_r:user_fonts_cache_t:s0 /home/[^/]+/\.fonts/auto(/.*)? all files unconfined_u:object_r:user_fonts_cache_t:s0 /home/[^/]+/\.fonts\.cache-.* regular file unconfined_u:object_r:user_fonts_cache_t:s0 I think all of them are deprecated paths to store fontconfig caches. those are still valid for backward compatibility but will be dropped in the future. though no ETA of dropping so far. Created a PR, waiting for review: https://github.com/fedora-selinux/selinux-policy/pull/253 Another PR for a new interface: https://github.com/fedora-selinux/selinux-policy-contrib/pull/97 FEDORA-2019-096a80ef39 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-096a80ef39 selinux-policy-3.14.2-61.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-096a80ef39 FEDORA-2019-2eec328cc1 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1 selinux-policy-3.14.2-62.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1 FEDORA-2019-8071724c9b has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b selinux-policy-3.14.2-63.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b FEDORA-2019-b51794f502 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502 selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502 selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |