| Summary: | shadow 4.0.4.1-r2 mislabeling | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | petre rodan (RETIRED) <kaiowas> |
| Component: | Hardened | Assignee: | Chris PeBenito (RETIRED) <pebenito> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | ||
| Priority: | High | ||
| Version: | 2004.1 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | updated patch | ||
|
Description
petre rodan (RETIRED)
2004-07-01 05:28:00 UTC
Unfortunately this has been a known problem for a while. Debian also has this problem, but apparently not Fedora. Its unclear why at the moment. Best thing to do right now is use setfiles to relabel it back: echo "/etc/passwd" | setfiles /etc/security/selinux/file_contexts -s hmm, I guess I've solved this one. after a small strace output comparison between 4.0.3-r9 and 4.0.4.1-r2 I have seen that the new 'useradd' binary was not using ANY selinux-related functions. it looked like WITH_SELINUX was not defined at compile time. which was exactly the case here. although -DWITH-SELINUX was defined in the Makefile.am, it never made his way into Makefile.in and finaly into Makefile the way it was happening in 4.0.3. maybe it's a automake or a timestamp issue, not sure and I care less. so here is a new selinux patch that does the job. can you please consider publishing this new patch? Created attachment 34721 [details, diff]
updated patch
I'll certainly look at it. I'd be happy to get rid of this problem :) good catch! in shadow-4.0.4.1-r3 |