Bug 132196 - vipw mislabels /etc/passwd on SE Linux thus breaking the entire system
vipw mislabels /etc/passwd on SE Linux thus breaking the entire system
Product: Fedora
Classification: Fedora
Component: util-linux (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Elliot Lee
Ben Levenson
Depends On:
Blocks: FC3Blocker FC3SELinux
  Show dependency treegraph
Reported: 2004-09-09 15:41 EDT by Russell Coker
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version: 2.12a-8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-15 13:23:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Russell Coker 2004-09-09 15:41:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
When vipw creates a new /etc/passwd file it must first read the context of the old file and apply it to the new one.

Otherwise the file gets type shadow_t which is only readable by about a dozen programs and the system becomes almost unusable (will not boot correctly or allow logins).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Run SE Linux with strict policy, run "vipw" and make some changes.

Actual Results:  # ls -lZ /etc/passwd
-rw-r--r--  0  root system_u:object_r:shadow_t       /etc/passwd

Expected Results:  #ls -lZ /etc/passwd
-rw-r--r--  root root system_u:object_r:etc_t          /etc/passwd

Additional info:
Comment 1 Nalin Dahyabhai 2004-09-15 13:23:41 EDT
The code to do this was there but not enabled.  Fixing in 2.12a-8.

Note You need to log in before you can comment on or make changes to this bug.