Bug 127099 - /etc/rc.sysinit creates /tmp/.ICE-unix with wrong SELinux context
/etc/rc.sysinit creates /tmp/.ICE-unix with wrong SELinux context
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-01 17:17 EDT by Tom London
Modified: 2014-03-16 22:46 EDT (History)
1 user (show)

See Also:
Fixed In Version: 7.59-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-01 22:33:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tom London 2004-07-01 17:17:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
/etc/rc.sysinit recreates /tmp/.ICE-unix on each boot,
but the SELinux context is not set appropriately,
causing graphical logins to fail when running
in strict/enforcing mode.

It seems to get context
     system_u:object_r:initrc_tmp_t
when it should get
     system_u:object_r:xdm_xserver_tmp_t

Suggested fix.... something like:
***************
*** 730,735 ****
--- 730,736 ----
  # Make ICE directory
  mkdir -m 1777 -p /tmp/.ICE-unix >/dev/null 2>&1
  chown root:root /tmp/.ICE-unix
+ [ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix
   
  # Now turn on swap in case we swap to files.
  swapon -a


Version-Release number of selected component (if applicable):
initscripts-7.58-1

How reproducible:
Always

Steps to Reproduce:
1. boot system in strict/enforcing mode
2. graphical login fails
3. do 'ls -ldZ /tmp/.ICE-unix'
    

Additional info:
Comment 1 Bill Nottingham 2004-07-01 22:33:02 EDT
Fixed in CVS, will be in 7.59-1.

Note You need to log in before you can comment on or make changes to this bug.