458766 – usermod -Z does not change Linux / SELinux user mappings.

Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.

Bug 458766 - usermod -Z does not change Linux / SELinux user mappings.

Summary: usermod -Z does not change Linux / SELinux user mappings.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shadow-utils
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-08-12 06:35 UTC by Murray McAllister
Modified:	2015-01-04 22:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-09-15 13:20:22 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
patch against 4.1.1 to fix this (1.41 KB, patch) 2008-09-09 15:40 UTC, Michal Hlavinka	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description Murray McAllister 2008-08-12 06:35:58 UTC

Version-Release number of selected component (if applicable):

* Fedora release 9 (Sulphur)
* Linux 2.6.25.11-97.fc9.i686 i686

* shadow-utils-4.1.1-2.fc9.i386

* policycoreutils-2.0.52-5.fc9.i386
* selinux-policy-targeted-3.3.1-82.fc9.noarch
* libselinux-python-2.0.67-4.fc9.i386
* selinux-policy-3.3.1-82.fc9.noarch
* selinux-policy-devel-3.3.1-82.fc9.noarch
* libselinux-2.0.67-4.fc9.i386

* xguest-1.0.6-7.fc9.noarch

How reproducible:

Always.

Steps to Reproduce:

1. yum install xguest
2. useradd -Z guest_u selinuxtest
3. semanage login -l
selinuxtest               guest_u                   s0

4. usermod -Z user_u selinuxtest
usermod: no changes

5. semanage login -l
selinuxtest               guest_u                   s0 
  
Actual results:

The Linux "selinuxtest" user stays mapped to "guest_u".

Expected results:

The Linux "selinuxtest" user mapped to "user_u".

Additional info:

There are no AVC denials. The same results occur when not using xguest, for example, using "root" and "user_u" instead.

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 22
Policy from config file:        targeted

Works as expected on:

* Red Hat Enterprise Linux Client release 5.2 (Tikanga)
* Linux 2.6.18-92.1.1.el5 i686

shadow-utils-4.0.17-13.el5

* policycoreutils-1.33.12-14.el5
* selinux-policy-targeted-2.4.6-137.el5
* libselinux-python-1.33.4-5.el5
* selinux-policy-2.4.6-137.el5
* libselinux-1.33.4-5.el5

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Comment 1 Michal Hlavinka 2008-09-09 15:40:21 UTC

Created attachment 316200 [details]
patch against 4.1.1 to fix this

Comment 2 Peter Vrabec 2008-09-15 13:20:22 UTC

fixed in shadow-utils-4.1.2-7.fc10, 
thnx. Michal for patch.

Note You need to log in before you can comment on or make changes to this bug.