This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 120164 - preferences GUI loses file context
preferences GUI loses file context
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
:
Depends On:
Blocks: FC2Target FC3Target
  Show dependency treegraph
 
Reported: 2004-04-06 11:11 EDT by Tim Waugh
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-02 15:03:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Propagate file security context to rewritten config file (5.69 KB, patch)
2004-11-02 14:59 EST, Ray Strode [halfline]
no flags Details | Diff

  None (edit)
Description Tim Waugh 2004-04-06 11:11:43 EDT
Description of problem:
Adjusting screensaver preferences using Preferences->Screensaver from
the menu loses the file context on ~/.xscreensaver.

Version-Release number of selected component (if applicable):
xscreensaver-4.14-4
policy-1.9.2-13

How reproducible:
100%

Steps to Reproduce:
1. su - 
   /sbin/restorecon /home/user/.xscreensaver
2. As user: ls -Z .xscreensaver
3. Preferences->Screensaver, exit
4. ls -Z .xscreensaver
  
Actual results:
starts as system_u:object_r:user_screensaver_rw_t
ends as user_u:object_r:user_home_t

It needs to retain its file context.
Comment 1 Bill Nottingham 2004-04-06 11:30:18 EDT
I'll respond to the list. I'm not sure why xscreensaver needs a
separate context.
Comment 2 Daniel Walsh 2004-04-06 11:35:53 EDT
Because it needs to read the /etc/passwd file when you lock it.

Dan
Comment 3 Bill Nottingham 2004-04-06 11:53:41 EDT
Unlocking is done via PAM, so any access to /etc/shadow is cordoned
off there.
Comment 4 Daniel Walsh 2004-04-06 13:37:54 EDT
Yes but policy does not allow random executables to run unix_chkpwd
which is what pam is running to check and modify the passwd file.

Dan
Comment 5 Ray Strode [halfline] 2004-11-02 14:59:05 EST
Created attachment 106087 [details]
Propagate file security context to rewritten config file

Hi Dan,

Is this bug still relevant?

I don't know much about how SELinux works, but I'm guess a bit based on
<selinux/selinux.h>.  Is the above patch what you're looking for?
Comment 6 Daniel Walsh 2004-11-02 15:03:30 EST
No this is no longer a bug, screensaver is now run under the regular
users context so the file gets labeled correctly.

Dan

Note You need to log in before you can comment on or make changes to this bug.