132196 – vipw mislabels /etc/passwd on SE Linux thus breaking the entire system

Bug 132196 - vipw mislabels /etc/passwd on SE Linux thus breaking the entire system

Summary: vipw mislabels /etc/passwd on SE Linux thus breaking the entire system

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	util-linux
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Elliot Lee
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC3Blocker FC3SELinux
TreeView+	depends on / blocked

Reported:	2004-09-09 19:41 UTC by Russell Coker
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:	2.12a-8
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-09-15 17:23:41 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Russell Coker 2004-09-09 19:41:45 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
When vipw creates a new /etc/passwd file it must first read the context of the old file and apply it to the new one.

Otherwise the file gets type shadow_t which is only readable by about a dozen programs and the system becomes almost unusable (will not boot correctly or allow logins).

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Run SE Linux with strict policy, run "vipw" and make some changes.

Actual Results:  # ls -lZ /etc/passwd
-rw-r--r--  0  root system_u:object_r:shadow_t       /etc/passwd


Expected Results:  #ls -lZ /etc/passwd
-rw-r--r--  root root system_u:object_r:etc_t          /etc/passwd


Additional info:

Comment 1 Nalin Dahyabhai 2004-09-15 17:23:41 UTC

The code to do this was there but not enabled.  Fixing in 2.12a-8.

Note You need to log in before you can comment on or make changes to this bug.