Bug 120038 - gdmsetup can't write to gdm.conf
Summary: gdmsetup can't write to gdm.conf
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm   
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Colin Walters
QA Contact: Mike McLean
URL:
Whiteboard:
Keywords: SELinux
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
 
Reported: 2004-04-05 14:10 UTC by Tim Waugh
Modified: 2007-11-30 22:10 UTC (History)
4 users (show)

Fixed In Version: 1.18.2-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-05 01:06:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Tim Waugh 2004-04-05 14:10:30 UTC
Description of problem:
In enforcing mode gdmsetup can't write to gdm.conf.

Version-Release number of selected component (if applicable):
gdm-2.6.0.0-2
policy-1.9.2-10

How reproducible:
100%

Steps to Reproduce:
1. Clean install.
2. Log in as root.
3. System Settings->Login Screen
4. Change the graphical greeter style.
5. Close.
6. Log out: style has not changed.
  
Actual results:
audit(1081174438.586:0): avc:  denied  { write } for  pid=3984
exe=/usr/sbin/gdmsetup name=gdm.conf dev=hda2 ino=3836056
scontext=root:staff_r:staff_t tcontext=system_u:object_r:etc_t tclass=file
audit(1081174438.586:0): avc:  denied  { read } for  pid=3984
exe=/usr/sbin/gdmsetup name=gdm.pid dev=hda2 ino=1017147
scontext=root:staff_r:staff_t tcontext=system_u:object_r:xdm_var_run_t
tclass=file

audit2allow says:
allow staff_t etc_t:file { write };
allow staff_t xdm_var_run_t:file { read };

Comment 1 Mark McLoughlin 2004-06-04 13:17:11 UTC
Colin: any chance you could take a poke at this ? 

Comment 2 Colin Walters 2004-06-04 13:59:35 UTC
Yep, adding to my queue.

Comment 3 Daniel Walsh 2004-11-06 05:48:16 UTC
fixed in selinux-policy-strict-1.18.2-2


Note You need to log in before you can comment on or make changes to this bug.