48787 – cvs, selinux and /etc/.pwd.lock

Bug 48787 - cvs, selinux and /etc/.pwd.lock

Summary: cvs, selinux and /etc/.pwd.lock

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Chris PeBenito (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-04-23 07:45 UTC by petre rodan (RETIRED)
Modified:	2004-04-23 07:49 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description petre rodan (RETIRED) gentoo-dev

2004-04-23 07:45:04 UTC

since the 2004.1 changes, /etc/.pwd.lock is labeled system_u:object_r:shadow_t, instead of system_u:object_r:etc_t

unfortunately, cvs is trying to read that file in most cases.
this means 
allow { sysadm_t staff_t user_t } shadow_t:file { read };
which ain't good. even if I use SystemAuth=no the problem remains.

what would be the best resolution of this? the patch of cvs sources, a cvs_t domain, or a patch of the current policy?

Comment 1 petre rodan (RETIRED) gentoo-dev

2004-04-23 07:49:45 UTC

mea culpa. invalid bug. i'm tired.