Version-Release number of selected component (if applicable): * Fedora release 9 (Sulphur) * Linux 2.6.25.11-97.fc9.i686 i686 * shadow-utils-4.1.1-2.fc9.i386 * policycoreutils-2.0.52-5.fc9.i386 * selinux-policy-targeted-3.3.1-82.fc9.noarch * libselinux-python-2.0.67-4.fc9.i386 * selinux-policy-3.3.1-82.fc9.noarch * selinux-policy-devel-3.3.1-82.fc9.noarch * libselinux-2.0.67-4.fc9.i386 * xguest-1.0.6-7.fc9.noarch How reproducible: Always. Steps to Reproduce: 1. yum install xguest 2. useradd -Z guest_u selinuxtest 3. semanage login -l selinuxtest guest_u s0 4. usermod -Z user_u selinuxtest usermod: no changes 5. semanage login -l selinuxtest guest_u s0 Actual results: The Linux "selinuxtest" user stays mapped to "guest_u". Expected results: The Linux "selinuxtest" user mapped to "user_u". Additional info: There are no AVC denials. The same results occur when not using xguest, for example, using "root" and "user_u" instead. SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 22 Policy from config file: targeted Works as expected on: * Red Hat Enterprise Linux Client release 5.2 (Tikanga) * Linux 2.6.18-92.1.1.el5 i686 shadow-utils-4.0.17-13.el5 * policycoreutils-1.33.12-14.el5 * selinux-policy-targeted-2.4.6-137.el5 * libselinux-python-1.33.4-5.el5 * selinux-policy-2.4.6-137.el5 * libselinux-1.33.4-5.el5 SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted
Created attachment 316200 [details] patch against 4.1.1 to fix this
fixed in shadow-utils-4.1.2-7.fc10, thnx. Michal for patch.