Bug 127099 - /etc/rc.sysinit creates /tmp/.ICE-unix with wrong SELinux context
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: initscripts
Version: rawhide
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Assignee: Bill Nottingham
QA Contact: Brock Organ
Reported: 2004-07-01 21:17 UTC by Tom London
Modified: 2014-03-17 02:46 UTC

Fixed In Version: 7.59-1
Last Closed: 2004-07-02 02:33:02 UTC

Description Tom London 2004-07-01 21:17:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
/etc/rc.sysinit recreates /tmp/.ICE-unix on each boot,
but the SELinux context is not set appropriately,
causing graphical logins to fail when running
in strict/enforcing mode.

It seems to get context
     system_u:object_r:initrc_tmp_t
when it should get
     system_u:object_r:xdm_xserver_tmp_t

Suggested fix.... something like:
***************
*** 730,735 ****
--- 730,736 ----
  # Make ICE directory
  mkdir -m 1777 -p /tmp/.ICE-unix >/dev/null 2>&1
  chown root:root /tmp/.ICE-unix
+ [ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix
   
  # Now turn on swap in case we swap to files.
  swapon -a
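
Review bot: The added `[ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix` line depends on `$SELINUX` having been assigned earlier in rc.sysinit, which this hunk does not show; if the variable is empty at this point, the relabel is skipped without any message and the directory keeps the initrc_tmp_t type described in the report. It is worth confirming that the variable is set before line 730 on every boot path. The mkdir line above discards its output with `>/dev/null 2>&1` but the new line does not, so a missing or failing restorecon would write to the boot console; consider the same redirection for consistency. A one-line comment saying why the relabel is needed would also help, since the reason (the directory otherwise gets the wrong SELinux type and graphical login fails in strict/enforcing mode) is not obvious from the code.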


Version-Release number of selected component (if applicable):
initscripts-7.58-1

How reproducible:
Always

Steps to Reproduce:
1. boot system in strict/enforcing mode
2. graphical login fails
3. do 'ls -ldZ /tmp/.ICE-unix'
    

Additional info:

Comment 1 Bill Nottingham 2004-07-02 02:33:02 UTC
Fixed in CVS, will be in 7.59-1.
