Red Hat Bugzilla – Bug 123211
wrong security label sbin_t on /sbin/accton and /sbin/restorecon
Last modified: 2007-11-30 17:10:42 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8

Description of problem:

    # ls -Z /sbin/accton /sbin/restorecon
    -rwxr-xr-x+ root root system_u:object_r:sbin_t /sbin/accton
    -rwxr-xr-x+ root root system_u:object_r:sbin_t /sbin/restorecon

installed policy-sources in files /etc/security/selinux/src/policy/file_contexts/programs/{acct,restorecon}.fc

I would expect the security labels to be system_u:object_r:acct_exec_t and system_u:object_r:restorecon_exec_t. However, the .fc files are pattern matching on /usr/sbin instead of /sbin, with the result that these two files are labeled sbin_t.

Version-Release number of selected component (if applicable):
1.11.3-3

How reproducible:
Always

Steps to Reproduce:
1. ls -Z /sbin/accton /sbin/restorecon

Actual Results:

    # ls -Z /sbin/accton /sbin/restorecon
    -rwxr-xr-x+ root root system_u:object_r:sbin_t /sbin/accton
    -rwxr-xr-x+ root root system_u:object_r:sbin_t /sbin/restorecon

Expected Results:

    # ls -Z /sbin/accton /sbin/restorecon
    -rwxr-xr-x+ root root system_u:object_r:acct_exec_t /sbin/accton
    -rwxr-xr-x+ root root system_u:object_r:restorecon_exec_t /sbin/restorecon

Additional info:
My temporary fix is to replace /usr/sbin/accton with (/usr)?/sbin/accton, and the same for restorecon.
Fixed in selinux-policy-strict-1.13.2-7
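
The pattern mismatch described in the report, as an added example that is not part of the original bug or the policy sources: a simplified Python model of file-context matching (anchored regular expressions, last matching entry wins). The generic /sbin and /usr/sbin entries and the helper names label_for and audit are assumptions made for the illustration.

```python
import re

# Constructed entries modelled on the report. The two generic lines are
# assumptions standing in for the policy's catch-all rules for sbin directories.
GENERIC = [
    (r"/sbin(/.*)?", "system_u:object_r:sbin_t"),
    (r"/usr/sbin(/.*)?", "system_u:object_r:sbin_t"),
]
# Program entries as the report describes them: matching only under /usr/sbin.
AS_SHIPPED = GENERIC + [
    (r"/usr/sbin/accton", "system_u:object_r:acct_exec_t"),
    (r"/usr/sbin/restorecon", "system_u:object_r:restorecon_exec_t"),
]
# Program entries after the reporter's temporary fix.
WITH_FIX = GENERIC + [
    (r"(/usr)?/sbin/accton", "system_u:object_r:acct_exec_t"),
    (r"(/usr)?/sbin/restorecon", "system_u:object_r:restorecon_exec_t"),
]
# Labels the reporter expects on the two binaries.
EXPECTED = {
    "/sbin/accton": "system_u:object_r:acct_exec_t",
    "/sbin/restorecon": "system_u:object_r:restorecon_exec_t",
}


def label_for(path, entries):
    """Return the context of the last entry whose pattern matches the whole path."""
    result = None
    for pattern, context in entries:
        if re.fullmatch(pattern, path):  # patterns are anchored at both ends
            result = context
    return result


def audit(entries, expected=EXPECTED):
    """Return {path: (actual, wanted)} for each path that would be mislabeled."""
    mislabeled = {}
    for path, wanted in expected.items():
        actual = label_for(path, entries)
        if actual != wanted:
            mislabeled[path] = (actual, wanted)
    return mislabeled


if __name__ == "__main__":
    for name, entries in (("as shipped", AS_SHIPPED), ("with fix", WITH_FIX)):
        print(name, audit(entries) or "all labels as expected")
```
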