120038 – gdmsetup can't write to gdm.conf

Bug 120038 - gdmsetup can't write to gdm.conf

Summary: gdmsetup can't write to gdm.conf

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gdm
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Colin Walters
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	122683
TreeView+	depends on / blocked

Reported:	2004-04-05 14:10 UTC by Tim Waugh
Modified:	2007-11-30 22:10 UTC (History)
CC List:	4 users (show)
Fixed In Version:	1.18.2-2
Clone Of:
Environment:
Last Closed:	2005-09-05 01:06:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tim Waugh 2004-04-05 14:10:30 UTC

Description of problem:
In enforcing mode gdmsetup can't write to gdm.conf.

Version-Release number of selected component (if applicable):
gdm-2.6.0.0-2
policy-1.9.2-10

How reproducible:
100%

Steps to Reproduce:
1. Clean install.
2. Log in as root.
3. System Settings->Login Screen
4. Change the graphical greeter style.
5. Close.
6. Log out: style has not changed.
  
Actual results:
audit(1081174438.586:0): avc:  denied  { write } for  pid=3984
exe=/usr/sbin/gdmsetup name=gdm.conf dev=hda2 ino=3836056
scontext=root:staff_r:staff_t tcontext=system_u:object_r:etc_t tclass=file
audit(1081174438.586:0): avc:  denied  { read } for  pid=3984
exe=/usr/sbin/gdmsetup name=gdm.pid dev=hda2 ino=1017147
scontext=root:staff_r:staff_t tcontext=system_u:object_r:xdm_var_run_t
tclass=file

audit2allow says:
allow staff_t etc_t:file { write };
allow staff_t xdm_var_run_t:file { read };

Comment 1 Mark McLoughlin 2004-06-04 13:17:11 UTC

Colin: any chance you could take a poke at this ?

Comment 2 Colin Walters 2004-06-04 13:59:35 UTC

Yep, adding to my queue.

Comment 3 Daniel Walsh 2004-11-06 05:48:16 UTC

fixed in selinux-policy-strict-1.18.2-2

Note You need to log in before you can comment on or make changes to this bug.