Bug 433757

Summary: useradd assigns incorrect SELinux type to /var/spool/mail/newuser
Product: [Fedora] Fedora
Reporter: Stepan Kasal <kasal>
Component: shadow-utils
Assignee: Peter Vrabec <pvrabec>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: tmraz
Keywords: SELinux
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-03-03 15:07:45 UTC
Attachments:
Patch to fix /var/spool/mail labeling and useradd -Z user_u dwalsh problem (flags: none)

Description Stepan Kasal 2008-02-21 10:22:40 UTC
Description of problem:
useradd creates an empty mail spool file, assigning it SELinux type user_home_t.
This can cause problems later, for example when logwatch visits /var/spool/mail
(this was the denial which actually triggered this bug report).

Version-Release number of selected component (if applicable):
selinux-policy-3.2.8-1.fc9.noarch
shadow-utils-4.1.0-2.fc9.i386

How reproducible:
always

Steps to Reproduce:
1. login as root
2. useradd sladek
3. ls -lZ /var/spool/mail/sladek

Actual type: user_home_t
Expected type: mail_spool_t
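
The check in step 3 can be automated across every spool file. The following is an added example, not part of the original report or of shadow-utils: it parses `ls -lZ` output and lists files whose SELinux type is not `mail_spool_t`. The function names and the sample listing are constructed for illustration, and it assumes file names without spaces.

```python
import re

# SELinux context token: user:role:type, optionally followed by an MLS level.
CONTEXT_RE = re.compile(r"([a-z_]\w*):([a-z_]\w*):([a-z_]\w*)(?::\S+)?")

EXPECTED_TYPE = "mail_spool_t"  # expected type, as stated in the report

# Constructed sample input (not captured from a real system). It mixes the
# older "mode user group context path" layout with the newer coreutils layout.
SAMPLE = """\
total 0
-rw-rw----  sladek mail system_u:object_r:user_home_t:s0 /var/spool/mail/sladek
-rw-rw----  kasal  mail system_u:object_r:mail_spool_t:s0 /var/spool/mail/kasal
-rw-rw----. 1 test mail unconfined_u:object_r:user_home_t:s0 0 Feb 21 10:20 test
-rw-rw----  nolbl  mail ? /var/spool/mail/nolbl
"""


def selinux_type(context):
    """Return the type field of a context string, or None if it is not one."""
    m = CONTEXT_RE.fullmatch(context.strip())
    return m.group(3) if m else None


def mislabeled_spools(ls_output, expected=EXPECTED_TYPE):
    """Return (file, actual_type) for every entry not labeled `expected`."""
    findings = []
    for line in ls_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "total":
            continue
        # The context is the first token shaped like user:role:type[:level].
        ctx = next((f for f in fields if CONTEXT_RE.fullmatch(f)), None)
        if ctx is None:
            continue  # unlabeled entry ("?"), nothing to compare
        actual = selinux_type(ctx)
        if actual != expected:
            findings.append((fields[-1], actual))  # file name is the last field
    return findings


if __name__ == "__main__":
    for name, actual in mislabeled_spools(SAMPLE):
        print(f"{name}: type {actual}, expected {EXPECTED_TYPE}")
```

On a live system, pass the output of `ls -lZ /var/spool/mail` to `mislabeled_spools()` in place of the sample.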

Comment 1 Daniel Walsh 2008-02-21 15:05:20 UTC
Created attachment 295515
Patch to fix /var/spool/mail labeling and useradd -Z user_u dwalsh problem

Tomas, 

We never reset the setfscreatecon to the default after creating the homedir. 
Also if you modify the default SELinux User, useradd execs semanage, but this
was happening before the uid was created so it was failing.  Needs to happen
after the UID is created.

Comment 2 Daniel Walsh 2008-02-21 15:06:07 UTC
Sorry should have commented to Peter.



Comment 3 Peter Vrabec 2008-03-03 15:07:45 UTC
Fixed in shadow-utils-4.1.0-4.fc9,
thanks, Daniel.