Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 48787 - cvs, selinux and /etc/.pwd.lock
Summary: cvs, selinux and /etc/.pwd.lock
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All All
: High normal
Assignee: Chris PeBenito (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-23 07:45 UTC by petre rodan (RETIRED)
Modified: 2004-04-23 07:49 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description petre rodan (RETIRED) gentoo-dev 2004-04-23 07:45:04 UTC 
since the 2004.1 changes, /etc/.pwd.lock is labeled system_u:object_r:shadow_t, instead of system_u:object_r:etc_t

unfortunately, cvs is trying to read that file in most cases.
this means 
allow { sysadm_t staff_t user_t } shadow_t:file { read };
which ain't good. even if I use SystemAuth=no the problem remains.

what would be the best resolution of this? the patch of cvs sources, a cvs_t domain, or a patch of the current policy?
Comment 1 petre rodan (RETIRED) gentoo-dev 2004-04-23 07:49:45 UTC 
mea culpa. invalid bug. i'm tired.