First Last Prev Next    This bug is not in your last search results.
Bug 136522 - nss_db's makedb doesn't label files
nss_db's makedb doesn't label files
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nss_db (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-20 14:23 EDT by Nalin Dahyabhai
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.2-29
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-20 15:24:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Nalin Dahyabhai 2004-10-20 14:23:40 EDT 
Description of problem:

When the bundled makedb tool is used to create DB files in /var/db
(either directly, or more likely through the Makefile), the created
files all have the default context.

In all likelihood, the shadow.db file should be in the same domain as
/etc/shadow, from which it's built.

Version-Release number of selected component (if applicable):
nss_db-2.2-28

How reproducible:
Always

Steps to Reproduce:
1. rm -f /var/db/*.db
2. make -C /var/db
3. ls -lZ /var/db
  
Actual results:
shadow.db is in the var_t domain

Expected results:
shadow.db should be in the shadow_t domain or an equivalent

Additional info:
This assumes that the SELinux policy defines a specific context for
this file, which may not (yet) be the case.
Comment 1 Nalin Dahyabhai 2004-10-20 14:45:09 EDT 
I suggest these additions to the targeted policy's types.fc file:
  /var/db/.*\.db                  system_u:object_r:etc_t
  /var/db/shadow.db               system_u:object_r:shadow_t
Comment 2 Nalin Dahyabhai 2004-10-20 14:45:41 EDT 
Ugh, that second line should be
  /var/db/shadow\.db               system_u:object_r:shadow_t
Comment 3 Nalin Dahyabhai 2004-10-20 15:24:09 EDT 
In 2.2-29 and later, makedb will modify its file creation context
before opening databases, so that new database files will be created
with a context which has been specified by the policy.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.