Bug
Resolution: Done-Errata
Normal
rhel-8.8.0
selinux-policy-3.14.3-130.el8
None
Moderate
sst_security_selinux
ssg_security
6
None
QE ack, Dev ack
False
No
None
Pass
Automated
Unspecified
None
Description of problem: authselect backup files with etc_t but dir expects var_lib_t
Running restorecon -Rvn shows that files under /var/lib/authselect/backups are created (copied?) with etc_t fcontext, but that the directory /var/lib/authselect/backups is expecting (because of inheritance from /var/lib) that it has var_lib_t.
// Internal data, Hence making it private
sudo ls -lZ /var/lib/authselect/backups
total 0
drwx------. 2 root root system_u:object_r:var_lib_t:s0 130 Jul 19 2021 2021-07-19-15-54-05.oGrgdj
drwx------. 2 root root system_u:object_r:var_lib_t:s0 165 Jul 27 2021 2021-07-27-12-17-22.Ze7lvq
drwx------. 2 root root system_u:object_r:var_lib_t:s0 165 Feb 21 2022 2022-02-21-16-20-47.IYqRN9
drwxr-xr-x. 2 root root system_u:object_r:var_lib_t:s0 188 Jul 27 2021 pre_ipaclient_20210727121805
Actual results:
sudo ls -lZ /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9
total 32
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 231 Feb 21 2022 dconf-db
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 260 Feb 21 2022 dconf-locks
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 624 Feb 21 2022 fingerprint-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 809 Feb 21 2022 nsswitch.conf
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 544 Feb 21 2022 password-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 555 Feb 21 2022 postlogin
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 684 Feb 21 2022 smartcard-auth
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 1959 Feb 21 2022 system-auth
sudo restorecon -Rvn /var/lib/authselect/backups
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/system-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/password-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/fingerprint-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/smartcard-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/postlogin from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/nsswitch.conf from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/dconf-db from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/dconf-locks from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Expected results:
Either the /var/lib/authselect/backups fcontext is expecting to have etc_t files in it or the authselect backup process creates the files with the var_lib_t fcontext
Additional info:
Case ID = 03580255
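
The dry-run output quoted in the report can be condensed into one line per directory and type pair, which makes a systematic mislabel like this one easy to spot across a large tree. This is an added example, not part of the original report or of the authselect or selinux-policy projects; the third sample line and its path are constructed.

```python
import re
from collections import Counter

# Two lines copied from the restorecon output in the report, plus one
# constructed line (hypothetical path, MLS categories) to exercise the parser.
SAMPLE = """\
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/system-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/nsswitch.conf from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /srv/example/a file from unconfined_u:object_r:user_home_t:s0:c1,c2 to system_u:object_r:var_t:s0
"""

# Contexts never contain spaces, so the greedy path group stops at the last " from ".
LINE_RE = re.compile(r"^Would relabel (?P<path>.+) from (?P<cur>\S+) to (?P<exp>\S+)$")


def se_type(context):
    """Return the type field of a user:role:type[:range] context."""
    fields = context.split(":", 3)  # the range itself may contain ':'
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]


def parse_dry_run(text):
    """Yield (path, current_type, expected_type) per 'Would relabel' line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything else restorecon or sudo may print
            yield m["path"], se_type(m["cur"]), se_type(m["exp"])


def summarize(text):
    """Count mismatches per (parent directory, current type, expected type)."""
    counts = Counter()
    for path, cur, exp in parse_dry_run(text):
        parent = path.rsplit("/", 1)[0] or "/"
        counts[(parent, cur, exp)] += 1
    return counts


if __name__ == "__main__":
    for (parent, cur, exp), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:4d}  {cur} -> {exp}  {parent}")
```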
- is cloned by: RHEL-15220 incorrect SELinux context for files backed up by authselect (Closed)
- is duplicated by: RHEL-28857 ipa-client-install --uninstall restore the previous configuration with wrong labels (Closed)
- relates to: RHEL-18057 Incorrect SELinux file context on authselect backup directory /var/lib/authselect (Closed)
- links to: RHBA-2023:121335 selinux-policy bug fix and enhancement update