Red Hat Bugzilla – Bug 132196
vipw mislabels /etc/passwd on SE Linux thus breaking the entire system
Last modified: 2007-11-30 17:10:48 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)
Description of problem:
When vipw creates a new /etc/passwd file it must first read the context of the old file and apply it to the new one.
Otherwise the file gets type shadow_t which is only readable by about a dozen programs and the system becomes almost unusable (will not boot correctly or allow logins).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Run SE Linux with strict policy, run "vipw" and make some changes.
Actual Results: # ls -lZ /etc/passwd
-rw-r--r-- 0 root system_u:object_r:shadow_t /etc/passwd
Expected Results: #ls -lZ /etc/passwd
-rw-r--r-- root root system_u:object_r:etc_t /etc/passwd
The code to do this was there but not enabled. Fixing in 2.12a-8.