Bug 1290410 - [RFE] newrole environment loading from /etc/passwd in MLS policy
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: policycoreutils
Version: 7.5
Hardware: All Linux
Priority: medium Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Petr Lautrbach
QA Contact: Milos Malik
Keywords: FutureFeature
Depends On:
Blocks: 1218420
Reported: 2015-12-10 08:04 EST by Marek Marusic
Modified: 2017-08-01 03:37 EDT
Doc Type: Enhancement
Type: Bug

Description Marek Marusic 2015-12-10 08:04:23 EST
Description of problem:
When using the newrole command after /bin/su - <user>,
the environment data for <user> are loaded from the first logged-in user and not from /etc/passwd.

Version-Release number of selected component (if applicable):
policycoreutils-newrole-2.2.5-20.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Login user as sysadm_r
2. /bin/su -
3. newrole -r sysadm_r
4. echo $HOME

Actual results:
# /bin/su -
# echo $HOME
/root
# newrole -r sysadm_r
# echo $HOME
/home/tester
# newrole -r secadm_r
# echo $HOME
/home/tester


Expected results:
The environment for root should be loaded from /etc/passwd
# /bin/su -
# echo $HOME
/root
# newrole -r sysadm_r
# echo $HOME
/root
# newrole -r secadm_r
# echo $HOME
/root


Additional info:
Also, when I use "/bin/su -" from user "tester" and then use newrole -r sysadm_r, it asks for the password of the user "tester", not the root password.
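
A check for the symptom reported above, as an added example that is not part of the bug report or of policycoreutils: it compares HOME, SHELL, USER and LOGNAME in the current shell with the passwd entry for a given UID. The function names and the sample passwd file are constructed for illustration; the report itself only shows HOME.

```shell
#!/bin/sh
# Added example, not code from the bug report or from policycoreutils.
# check_env_against_passwd UID [PASSWD_FILE]
# Compares HOME, SHELL, USER and LOGNAME in the current shell with the passwd
# entry for UID. Returns 0 on match, 1 on mismatch, 2 if UID has no entry.
check_env_against_passwd() {
    uid=$1
    passwd_file=${2:-/etc/passwd}
    # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
    entry=$(awk -F: -v u="$uid" '$3 == u { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "no passwd entry for uid $uid in $passwd_file" >&2
        return 2
    fi
    pw_name=$(printf '%s\n' "$entry" | cut -d: -f1)
    pw_home=$(printf '%s\n' "$entry" | cut -d: -f6)
    pw_shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    mismatch=0
    for pair in "HOME=$pw_home" "SHELL=$pw_shell" "USER=$pw_name" "LOGNAME=$pw_name"; do
        var=${pair%%=*}
        want=${pair#*=}
        eval "have=\${$var-}"          # current value of the named variable
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $var: environment='$have' passwd='$want'"
            mismatch=1
        fi
    done
    return "$mismatch"
}

# Demo on constructed data: a two-line passwd file and an environment with
# HOME as the report shows it after "newrole -r sysadm_r" (UID 0, HOME of
# "tester"). SHELL, USER and LOGNAME are constructed so only HOME differs.
demo() {
    sample=$(mktemp)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'tester:x:1000:1000::/home/tester:/bin/bash' > "$sample"
    (HOME=/home/tester SHELL=/bin/bash USER=root LOGNAME=root
     check_env_against_passwd 0 "$sample")
    status=$?
    rm -f "$sample"
    return "$status"
}

# On a live system, run after each su/newrole step:
#   check_env_against_passwd "$(id -u)"
```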
Comment 2 Miroslav Vadkerti 2016-01-14 04:24:55 EST
The behaviour is very odd and can cause surprises in MLS. The issue was present forever and might not be an easy fix, thus triaging this as medium only.
