From Bugzilla Helper: User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko) Description of problem: When vipw creates a new /etc/passwd file it must first read the context of the old file and apply it to the new one. Otherwise the file gets type shadow_t which is only readable by about a dozen programs and the system becomes almost unusable (will not boot correctly or allow logins). Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: Run SE Linux with strict policy, run "vipw" and make some changes. Actual Results: # ls -lZ /etc/passwd -rw-r--r-- 0 root system_u:object_r:shadow_t /etc/passwd Expected Results: #ls -lZ /etc/passwd -rw-r--r-- root root system_u:object_r:etc_t /etc/passwd Additional info:
The code to do this was there but not enabled. Fixing in 2.12a-8.