Ubuntu
shadow package

  1. Bug #347540
  2. Activity log

Activity log for bug #347540

Date Who What changed Old value New value Message
2009-03-23 20:25:49 Marshall Miller bug added bug
2009-03-23 20:25:49 Marshall Miller bug added attachment 'fedora11-shadow-utils-selinux.patch' (fedora11-shadow-utils-selinux.patch)
2009-03-23 20:28:59 Marshall Miller description Binary package hint: passwd Ubuntu version: Hardy passwd version: 4.0.18.2 Steps to reproduce: Install selinux apt-get install selinux Create user with non-default selinux user login mapping useradd -m -G admin adminuser passwd adminuser semanage login -a -s root adminuser Login as adminuser and create a user sudo useradd -m testuser View the SELinux label assigned to testuser's home directory ls -Z /home/testuser Expected behavior: The directory /home/testuser should be labeled unconfined_u:object_r:user_home_dir_t:s0. Actual behavior: The directory /home/testuser is labeled root:object_r:user_home_dir_t:s0. This is not a problem unless UBAC is enabled in SELinux policy. If it were enabled, testuser would not be able to create any files in his/her home directory. Attached is a copy of the patch used in Fedora 11's shadow-utils-4.1.2-11.fc11 that has been modified to apply last in the series of patches in the version of passwd listed above. The patch also adds the -Z option to useradd/usermod, which allows the SELinux user associated with a user to be set when the user is created. Binary package hint: passwd Ubuntu version: Hardy passwd version: 4.0.18.2 Steps to reproduce: Install selinux apt-get install selinux Create user with non-default selinux user login mapping useradd -m -G admin adminuser passwd adminuser semanage login -a -s root adminuser Login as adminuser and create a user sudo useradd -m testuser View the SELinux label assigned to testuser's home directory ls -dZ /home/testuser Expected behavior: The directory /home/testuser should be labeled unconfined_u:object_r:user_home_dir_t:s0. Actual behavior: The directory /home/testuser is labeled root:object_r:user_home_dir_t:s0. This is not a problem unless UBAC is enabled in SELinux policy. If it were enabled, testuser would not be able to create any files in his/her home directory. Attached is a copy of the patch used in Fedora 11's shadow-utils-4.1.2-11.fc11 that has been modified to apply last in the series of patches in the version of passwd listed above. The patch also adds the -Z option to useradd/usermod, which allows the SELinux user associated with a user to be set when the user is created.
2009-03-30 17:40:30 Marshall Miller bug added subscriber Caleb Case