Description of problem:
Adjusting screensaver preferences using Preferences->Screensaver from
the menu loses the file context on ~/.xscreensaver.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. su -
2. As user: ls -Z .xscreensaver
3. Preferences->Screensaver, exit
4. ls -Z .xscreensaver
starts as system_u:object_r:user_screensaver_rw_t
ends as user_u:object_r:user_home_t
It needs to retain its file context.
I'll respond to the list. I'm not sure why xscreensaver needs a
Because it needs to read the /etc/passwd file when you lock it.
Unlocking is done via PAM, so any access to /etc/shadow is cordoned
Yes but policy does not allow random executables to run unix_chkpwd
which is what pam is running to check and modify the passwd file.
Created attachment 106087 [details]
Propagate file security context to rewritten config file
Is this bug still relevant?
I don't know much about how SELinux works, but I'm guess a bit based on
<selinux/selinux.h>. Is the above patch what you're looking for?
No this is no longer a bug, screensaver is now run under the regular
users context so the file gets labeled correctly.