Bug 433757 - useradd assignes incorrect SELinux type to /var/spool/mail/newuser
Summary: useradd assignes incorrect SELinux type to /var/spool/mail/newuser
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: shadow-utils   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: SELinux
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-21 10:22 UTC by Stepan Kasal
Modified: 2008-03-03 15:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-03 15:07:45 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix /var/spool/mail labeling and useradd -Z user_u dwalsh problem (1.24 KB, patch)
2008-02-21 15:05 UTC, Daniel Walsh
no flags Details | Diff

Description Stepan Kasal 2008-02-21 10:22:40 UTC
Description of problem:
useradd creates an empty mail spool file, assigning it SELinux type user_home_t.
This can cause problems later, for example when logwatch visits /var/spool/mail
(this was the denial which actually triggered this bug report).

Version-Release number of selected component (if applicable):
selinux-policy-3.2.8-1.fc9.noarch
shadow-utils-4.1.0-2.fc9.i386

How reproducible:
always

Steps to Reproduce:
1. login as root
2. useradd sladek
3. ls -lZ /var/spool/mail/sladek

Actual type: user_home_t
Expected type: mail_spool_t

Comment 1 Daniel Walsh 2008-02-21 15:05:20 UTC
Created attachment 295515 [details]
Patch to fix /var/spool/mail labeling and useradd -Z user_u dwalsh problem

Tomas, 

We never reset the setfscreatecon to the default after creating the homedir. 
Also if you modify the default SELinux User, useradd execs semanage, but this
was happening before the uid was created so it was failing.  Needs to happen
after the UID is created.

Comment 2 Daniel Walsh 2008-02-21 15:06:07 UTC
Sorry should have commented to Peter.



Comment 3 Peter Vrabec 2008-03-03 15:07:45 UTC
fixed in shadow-utils-4.1.0-4.fc9,
thnx. Daniel


Note You need to log in before you can comment on or make changes to this bug.