https://bugzilla.redhat.com/show_bug.cgi?id=1659905
Bug ID: 1659905
Summary: Incorrect SELinux label of fontconfig cache directory
Product: Fedora
Version: 29
Status: NEW
Component: fontconfig
Assignee: tagoh@redhat.com
Reporter: maciek.borzecki@gmail.com
QA Contact: extras-qa@fedoraproject.org
CC: ajax@redhat.com, fonts-bugs@lists.fedoraproject.org, i18n-bugs@lists.fedoraproject.org, john.j5live@gmail.com, mclasen@redhat.com, pnemade@redhat.com, rhughes@redhat.com, rstrode@redhat.com, sandmann@redhat.com, tagoh@redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
The /usr/lib/fontconfig/cache directory is labeled as lib_t, but should be labeled as fonts_cache_t, same as /var/cache/fontconfig was before.
[guest@localhost ~]$ ls -laZ /usr/lib/fontconfig/cache/
total 40
drwxr-xr-x. 2 root root system_u:object_r:lib_t:s0      4096 Dec 17 07:35 .
drwxr-xr-x. 3 root root system_u:object_r:lib_t:s0      4096 Dec 17 07:35 ..
-rw-r--r--. 1 root root unconfined_u:object_r:lib_t:s0   136 Dec 17 07:35 14f2600e-0a03-4bcf-ad84-39369899c767-le64.cache-7
-rw-r--r--. 1 root root unconfined_u:object_r:lib_t:s0 20904 Dec 17 07:35 6d2e07ad-8b0a-44cf-ad7a-4c0d0bc787a2-le64.cache-7
-rw-r--r--. 1 root root unconfined_u:object_r:lib_t:s0   200 Dec 17 07:35 CACHEDIR.TAG
Either a missing piece of the core policy or /usr/lib/fontconfig/cache ought to be created with proper labeling.
Version-Release number of selected component (if applicable):
fontconfig-2.13.1-3.fc29.x86_64
selinux-policy-3.14.2-44.fc29.noarch
selinux-policy-devel-3.14.2-44.fc29.noarch
selinux-policy-targeted-3.14.2-44.fc29.noarch
How reproducible: always
Akira TAGOH tagoh@redhat.com changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
CC         |                            |dwalsh@redhat.com
Component  |fontconfig                  |selinux-policy-targeted
Assignee   |tagoh@redhat.com            |lvrabec@redhat.com
QA Contact |extras-qa@fedoraproject.org |benl@redhat.com

--- Comment #1 from Akira TAGOH tagoh@redhat.com ---
Similarly $HOME/.config/fontconfig/fonts.conf and $HOME/.config/fontconfig/conf.d/* for user_fonts_config_t and $HOME/.cache/fontconfig/* for user_fonts_cache_t
Lukas Vrabec lvrabec@redhat.com changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Priority   |unspecified                 |high
Assignee   |lvrabec@redhat.com          |zpytela@redhat.com
Severity   |unspecified                 |high
Zdenek Pytela zpytela@redhat.com changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |NEW                         |ASSIGNED

--- Comment #2 from Zdenek Pytela zpytela@redhat.com ---
Hi,
Thank you for reporting the issue. I am currently checking the possible ways of resolving as there are already rules for the per-application configuration directories.
# semanage fcontext -l| grep /home.*fonts_cache_t
/home/[^/]+/.fontconfig(/.*)?    all files       unconfined_u:object_r:user_fonts_cache_t:s0
/home/[^/]+/.fonts/auto(/.*)?    all files       unconfined_u:object_r:user_fonts_cache_t:s0
/home/[^/]+/.fonts.cache-.*      regular file    unconfined_u:object_r:user_fonts_cache_t:s0
--- Comment #3 from Akira TAGOH tagoh@redhat.com ---
I think all of them are deprecated paths to store fontconfig caches. Those are still valid for backward compatibility but will be dropped in the future, though there is no ETA for dropping them so far.
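
The coverage gap discussed in comments #1 to #3, as an added example that is not part of the original thread or of the selinux-policy project: it matches paths against the three file-context rules listed in comment #2 and shows which paths they leave uncovered. The function names and the sample paths are assumptions made for illustration; the patterns are kept exactly as the page shows them, and only these three rules are modelled.

```python
import re

# Rules copied from the `semanage fcontext -l` output in comment #2:
# (pattern, file class, context). Patterns are kept as the page shows them.
RULES = [
    ("/home/[^/]+/.fontconfig(/.*)?", "all files",
     "unconfined_u:object_r:user_fonts_cache_t:s0"),
    ("/home/[^/]+/.fonts/auto(/.*)?", "all files",
     "unconfined_u:object_r:user_fonts_cache_t:s0"),
    ("/home/[^/]+/.fonts.cache-.*", "regular file",
     "unconfined_u:object_r:user_fonts_cache_t:s0"),
]


def expected_type(path, file_class="regular file", rules=RULES):
    """Return the SELinux type these rules assign to path, or None.

    File-context patterns are anchored at both ends, so fullmatch() is used.
    None only means that none of the modelled rules applies; the full
    policy will still assign some other label.
    """
    for pattern, rule_class, context in rules:
        if rule_class not in ("all files", file_class):
            continue  # e.g. a "regular file" rule never labels a directory
        if re.fullmatch(pattern, path):
            return context.split(":")[2]  # user:role:type:level
    return None


def uncovered(paths, rules=RULES):
    """List the paths that no modelled rule labels."""
    return [p for p, cls in paths if expected_type(p, cls, rules) is None]


# Constructed sample paths: user "guest" as in the report, the cache
# location named in comment #1, and the system cache directory.
SAMPLE = [
    ("/home/guest/.fontconfig/x.cache-7", "regular file"),
    ("/home/guest/.fonts.cache-1", "regular file"),
    ("/home/guest/.fonts.cache-1", "directory"),
    ("/home/guest/.cache/fontconfig/x.cache-7", "regular file"),
    ("/usr/lib/fontconfig/cache/CACHEDIR.TAG", "regular file"),
]

if __name__ == "__main__":
    for path, cls in SAMPLE:
        label = expected_type(path, cls) or "no match in these rules"
        print(f"{label:26} {cls:13} {path}")
```
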
--- Comment #4 from Zdenek Pytela zpytela@redhat.com ---
Created a PR, waiting for review:
https://github.com/fedora-selinux/selinux-policy/pull/253
--- Comment #5 from Zdenek Pytela zpytela@redhat.com ---
Another PR for a new interface:
https://github.com/fedora-selinux/selinux-policy-contrib/pull/97
Lukas Vrabec lvrabec@redhat.com changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |ASSIGNED                    |POST
CC         |                            |lvrabec@redhat.com
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |POST                        |MODIFIED

--- Comment #6 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2019-096a80ef39 has been submitted as an update to Fedora 29.
https://bodhi.fedoraproject.org/updates/FEDORA-2019-096a80ef39
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |MODIFIED                    |ON_QA

--- Comment #7 from Fedora Update System updates@fedoraproject.org ---
selinux-policy-3.14.2-61.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-096a80ef39
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |ON_QA                       |MODIFIED

--- Comment #8 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2019-2eec328cc1 has been submitted as an update to Fedora 29.
https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |MODIFIED                    |ON_QA

--- Comment #9 from Fedora Update System updates@fedoraproject.org ---
selinux-policy-3.14.2-62.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eec328cc1
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |ON_QA                       |MODIFIED

--- Comment #10 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2019-8071724c9b has been submitted as an update to Fedora 29.
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |MODIFIED                    |ON_QA

--- Comment #11 from Fedora Update System updates@fedoraproject.org ---
selinux-policy-3.14.2-63.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8071724c9b
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |ON_QA                       |MODIFIED

--- Comment #12 from Fedora Update System updates@fedoraproject.org ---
FEDORA-2019-b51794f502 has been submitted as an update to Fedora 29.
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502
Fedora Update System updates@fedoraproject.org changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |MODIFIED                    |ON_QA

--- Comment #13 from Fedora Update System updates@fedoraproject.org ---
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502
Fedora Update System updates@fedoraproject.org changed:
What        |Removed                     |Added
----------------------------------------------------------------------------
Status      |ON_QA                       |CLOSED
Resolution  |---                         |ERRATA
Last Closed |                            |2019-08-18 01:56:37

--- Comment #14 from Fedora Update System updates@fedoraproject.org ---
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.