Bug 1505059 – Clarify wording in "2. SELinux Contexts"

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1505059 - Clarify wording in "2. SELinux Contexts"

Summary:	Clarify wording in "2. SELinux Contexts"

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	doc-SELinux_Users_and_Administrators_Guide (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Mirek Jahoda
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Documentation, EasyFix

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-10-21 11:39 EDT by Robert Krátký
Modified:	2018-03-05 10:42 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-03-05 10:42:01 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Robert Krátký 2017-10-21 11:39:51 EDT

Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-selinux_contexts

Section Number and Name: 
2. SELinux Contexts

Describe the issue: 
"3. An SELinux policy rule states that the passwd_t domain has entrypoint permission to the passwd_exec_t type."

This is confusing as it suggests control flows from the passwd_t domain to the passwd_exec_t type, exactly the opposite of what the rest of the example is showing. I suspect this is because a couple of words were dropped. The sentence should probably be:

"3. An SELinux policy rule states that the passwd_t domain has its entrypoint permission set to the passwd_exec_t type."

See https://access.redhat.com/discussions/3221251

Suggestions for improvement: 
Confirm and reword.

Comment 1 Mirek Jahoda 2018-03-05 10:29:49 EST

Mario is right, we use passwd_exec_t as an entrypoint for the passwd_t domain transition.

Comment 2 Mirek Jahoda 2018-03-05 10:42:01 EST

The fix has been published on the Customer Portal:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/selinux_users_and_administrators_guide/#sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions
Thank you for the report.

Note You need to log in before you can comment on or make changes to this bug.