Bug 1664650

Summary: Invalid selinux context for files under /etc/authselect
Product: Red Hat Enterprise Linux 8 Reporter: Pavel Březina <pbrezina>
Component: authselectAssignee: Pavel Březina <pbrezina>
Status: CLOSED CURRENTRELEASE QA Contact: Steeve Goveas <sgoveas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: eng-l10n-bugs, ljanda, smaitra, wchadwic
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: authselect-1.0-10.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-14 01:43:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pavel Březina 2019-01-09 11:54:46 UTC 
Authselect first writes a temporary files and then renames them to their location under /etc/authselect. This however, sets the selinux context to unconfined_u:object_r:etc_t:s0 instead of system_u:object_r:etc_t:s0.

Steps to Reproduce:
1. Run 'authselect select sssd --force'
2. Check context 'ls -lZ /etc/authselect'

Actual results:
Context is unconfined_u:object_r:etc_t:s0.

Expected results:
Context is system_u:object_r:etc_t:s0.

Additional info:
Can be fixed manually with 'restorecon -RvF /etc/authselect'.
Comment 2 Pavel Březina 2019-01-09 12:28:38 UTC 
$ ll -Z /etc/authselect
total 44
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0       52 Jan  9 12:52 authselect.conf
drwxr-xr-x. 2 root root system_u:object_r:etc_t:s0     4096 Jan  7 13:08 custom
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0  231 Jan  9 12:52 dconf-db
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0  205 Jan  9 12:52 dconf-locks
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0   91 Jan  9 12:52 fingerprint-auth
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 1232 Jan  9 12:52 nsswitch.conf
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 1970 Jan  9 12:52 password-auth
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0  399 Jan  9 12:52 postlogin
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0   91 Jan  9 12:52 smartcard-auth
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 1970 Jan  9 12:52 system-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0      381 Oct 11 13:49 user-nsswitch.conf