Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 1505059 - Clarify wording in "2. SELinux Contexts"
Clarify wording in "2. SELinux Contexts"
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-SELinux_Users_and_Administrators_Guide (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Mirek Jahoda
: Documentation, EasyFix
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-21 11:39 EDT by Robert Krátký
Modified: 2018-03-05 10:42 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-03-05 10:42:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Krátký 2017-10-21 11:39:51 EDT
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-selinux_contexts

Section Number and Name: 
2. SELinux Contexts

Describe the issue: 
"3. An SELinux policy rule states that the passwd_t domain has entrypoint permission to the passwd_exec_t type."

This is confusing as it suggests control flows from the passwd_t domain to the passwd_exec_t type, exactly the opposite of what the rest of the example is showing. I suspect this is because a couple of words were dropped. The sentence should probably be:

"3. An SELinux policy rule states that the passwd_t domain has its entrypoint permission set to the passwd_exec_t type."

See https://access.redhat.com/discussions/3221251

Suggestions for improvement: 
Confirm and reword.
Comment 1 Mirek Jahoda 2018-03-05 10:29:49 EST
Mario is right, we use passwd_exec_t as an entrypoint for the passwd_t domain transition.

Note You need to log in before you can comment on or make changes to this bug.