Bug 120164 - preferences GUI loses file context
Summary: preferences GUI loses file context
Alias: None
Product: Fedora
Classification: Fedora
Component: xscreensaver
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact:
Depends On:
Blocks: FC2Target FC3Target
TreeView+ depends on / blocked
Reported: 2004-04-06 15:11 UTC by Tim Waugh
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-11-02 20:03:30 UTC
Type: ---

Attachments (Terms of Use)
Propagate file security context to rewritten config file (5.69 KB, patch)
2004-11-02 19:59 UTC, Ray Strode [halfline]
no flags Details | Diff

Description Tim Waugh 2004-04-06 15:11:43 UTC
Description of problem:
Adjusting screensaver preferences using Preferences->Screensaver from
the menu loses the file context on ~/.xscreensaver.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. su - 
   /sbin/restorecon /home/user/.xscreensaver
2. As user: ls -Z .xscreensaver
3. Preferences->Screensaver, exit
4. ls -Z .xscreensaver
Actual results:
starts as system_u:object_r:user_screensaver_rw_t
ends as user_u:object_r:user_home_t

It needs to retain its file context.

Comment 1 Bill Nottingham 2004-04-06 15:30:18 UTC
I'll respond to the list. I'm not sure why xscreensaver needs a
separate context.

Comment 2 Daniel Walsh 2004-04-06 15:35:53 UTC
Because it needs to read the /etc/passwd file when you lock it.


Comment 3 Bill Nottingham 2004-04-06 15:53:41 UTC
Unlocking is done via PAM, so any access to /etc/shadow is cordoned
off there.

Comment 4 Daniel Walsh 2004-04-06 17:37:54 UTC
Yes but policy does not allow random executables to run unix_chkpwd
which is what pam is running to check and modify the passwd file.


Comment 5 Ray Strode [halfline] 2004-11-02 19:59:05 UTC
Created attachment 106087 [details]
Propagate file security context to rewritten config file

Hi Dan,

Is this bug still relevant?

I don't know much about how SELinux works, but I'm guess a bit based on
<selinux/selinux.h>.  Is the above patch what you're looking for?

Comment 6 Daniel Walsh 2004-11-02 20:03:30 UTC
No this is no longer a bug, screensaver is now run under the regular
users context so the file gets labeled correctly.


Note You need to log in before you can comment on or make changes to this bug.