View Issue Details

IDProjectCategoryView StatusLast Update
0016945CentOS-7selinux-policypublic2020-01-20 14:14
Reporterbboozzoo 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version7.7-1908 
Target VersionFixed in Version 
Summary0016945: Incorrect SELinux label of fontconfig cache directory
DescriptionOriginally reported for RHEL7 proper https://bugzilla.redhat.com/show_bug.cgi?id=1792349 but applies to CentOS too

The /usr/lib/fontconfig/cache directly is labeled as lib_t, but should be labeled as fonts_cache_t, same as /var/cache/fontconfig.

[guest@localhost ~]$ sudo semanage fcontext --list |grep fontconfig
/root/\.fontconfig(/.*)? all files system_u:object_r:user_fonts_cache_t:s0
/var/cache/fontconfig(/.*)? all files system_u:object_r:fonts_cache_t:s0
/home/[^/]+/\.fontconfig(/.*)? all files unconfined_u:object_r:user_fonts_cache_t:s0

[guest@localhost ~]$ ls -lZ /usr/lib/fontconfig/cache/
-rw-r--r--. root root unconfined_u:object_r:lib_t:s0 4394e65f-5cac-4a54-8d05-6d8af3bece4c-le64.cache-7
-rw-r--r--. root root unconfined_u:object_r:lib_t:s0 5dff0973-35c9-4dcd-b08c-b9404e8be649-le64.cache-7
-rw-r--r--. root root unconfined_u:object_r:lib_t:s0 CACHEDIR.TAG

Either a missing piece of the core policy or /usr/lib/fontconfig/cache ought to be created with proper labeling.

Version-Release number of selected component (if applicable):

fontconfig-2.13.0-4.3.el7.x86_64
selinux-policy-3.13.1-252.el7_7.6.noarch
selinux-policy-targeted-3.13.1-252.el7_7.6.noarch

How reproducible:
always


TagsNo tags attached.
abrt_hash
URL

Activities

bboozzoo

bboozzoo

2020-01-20 14:14

reporter   ~0036075

The RHBZ ticket was closed with WONTFIX since RHEL7 is in maintenance. I believe it's ok to close this one with similar explanation too.

Issue History

Date Modified Username Field Change
2020-01-17 14:50 bboozzoo New Issue
2020-01-20 14:14 bboozzoo Note Added: 0036075