Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 120164 - preferences GUI loses file context
preferences GUI loses file context
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
Depends On:
Blocks: FC2Target FC3Target
  Show dependency treegraph
Reported: 2004-04-06 11:11 EDT by Tim Waugh
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-02 15:03:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Propagate file security context to rewritten config file (5.69 KB, patch)
2004-11-02 14:59 EST, Ray Strode [halfline]
no flags Details | Diff

  None (edit)
Description Tim Waugh 2004-04-06 11:11:43 EDT
Description of problem:
Adjusting screensaver preferences using Preferences->Screensaver from
the menu loses the file context on ~/.xscreensaver.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. su - 
   /sbin/restorecon /home/user/.xscreensaver
2. As user: ls -Z .xscreensaver
3. Preferences->Screensaver, exit
4. ls -Z .xscreensaver
Actual results:
starts as system_u:object_r:user_screensaver_rw_t
ends as user_u:object_r:user_home_t

It needs to retain its file context.
Comment 1 Bill Nottingham 2004-04-06 11:30:18 EDT
I'll respond to the list. I'm not sure why xscreensaver needs a
separate context.
Comment 2 Daniel Walsh 2004-04-06 11:35:53 EDT
Because it needs to read the /etc/passwd file when you lock it.

Comment 3 Bill Nottingham 2004-04-06 11:53:41 EDT
Unlocking is done via PAM, so any access to /etc/shadow is cordoned
off there.
Comment 4 Daniel Walsh 2004-04-06 13:37:54 EDT
Yes but policy does not allow random executables to run unix_chkpwd
which is what pam is running to check and modify the passwd file.

Comment 5 Ray Strode [halfline] 2004-11-02 14:59:05 EST
Created attachment 106087 [details]
Propagate file security context to rewritten config file

Hi Dan,

Is this bug still relevant?

I don't know much about how SELinux works, but I'm guess a bit based on
<selinux/selinux.h>.  Is the above patch what you're looking for?
Comment 6 Daniel Walsh 2004-11-02 15:03:30 EST
No this is no longer a bug, screensaver is now run under the regular
users context so the file gets labeled correctly.


Note You need to log in before you can comment on or make changes to this bug.