Description of problem: Adjusting screensaver preferences using Preferences->Screensaver from the menu loses the file context on ~/.xscreensaver. Version-Release number of selected component (if applicable): xscreensaver-4.14-4 policy-1.9.2-13 How reproducible: 100% Steps to Reproduce: 1. su - /sbin/restorecon /home/user/.xscreensaver 2. As user: ls -Z .xscreensaver 3. Preferences->Screensaver, exit 4. ls -Z .xscreensaver Actual results: starts as system_u:object_r:user_screensaver_rw_t ends as user_u:object_r:user_home_t It needs to retain its file context.
I'll respond to the list. I'm not sure why xscreensaver needs a separate context.
Because it needs to read the /etc/passwd file when you lock it. Dan
Unlocking is done via PAM, so any access to /etc/shadow is cordoned off there.
Yes but policy does not allow random executables to run unix_chkpwd which is what pam is running to check and modify the passwd file. Dan
Created attachment 106087 [details] Propagate file security context to rewritten config file Hi Dan, Is this bug still relevant? I don't know much about how SELinux works, but I'm guess a bit based on <selinux/selinux.h>. Is the above patch what you're looking for?
No this is no longer a bug, screensaver is now run under the regular users context so the file gets labeled correctly. Dan