RHEL-5177

RFE: make fixfiles polyinstantiation aware

    • rhel-sst-security-selinux
    • ssg_security

      Description of problem:

      fixfiles can do a number of operations, including deleting content in /tmp and relabeling files in /var/tmp.
      Unfortunately the tool is not polyinstantiation aware, which causes issues when used in that context:

      • /tmp-inst (or similar, as configured in /etc/security/namespace.conf) is not cleaned up

      fullrelabel() {
          echo "Cleaning out /tmp"
          find /tmp/ -mindepth 1 -delete
          restore Relabel
      }

      • /var/tmp/tmp-inst (or similar) is not relabeled properly

      find /var/tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /var/tmp {} \;

      Please implement this functionality. Note that the target directories (/tmp-inst and /var/tmp/tmp-inst) are to be read from /etc/security/namespace.conf (and /etc/security/namespace.d/*) and not hardcoded.

      Version-Release number of selected component (if applicable):

      policycoreutils-2.9-9.el8.x86_64
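
The request above asks that the instance directories be read from /etc/security/namespace.conf instead of being hardcoded. A sketch of that lookup in POSIX shell follows; it is an added example, not code from policycoreutils or from the reporter. The names polyinst_parents and sample_conf and the sample configuration are made up for illustration, and the field order (polydir, instance_prefix, method, list_of_uids) is assumed from the namespace.conf format.

```shell
#!/bin/sh
# Added example: find pam_namespace instance parent directories for a polydir.

# polyinst_parents POLYDIR FILE...
# Print the instance_prefix (trailing "/" stripped) of every entry whose
# polydir is POLYDIR. tmpfs/tmpdir entries are skipped because they keep
# no persistent instance directory on disk.
polyinst_parents() {
    want=$1; shift
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || continue   # also skips an unmatched glob
        awk -v want="$want" '
            $1 ~ /^#/ || NF < 3 { next }    # comment, blank or short line
            $3 ~ /^(tmpfs|tmpdir)/ { next } # method may carry :flags
            {
                dir = $1; sub(/\/+$/, "", dir)
                pre = $2; sub(/\/+$/, "", pre)
                if (dir == want && pre ~ /^\//) print pre
            }' "$f"
    done | sort -u
}

# Constructed sample configuration, not taken from a real system.
sample_conf() {
    cat <<'EOF'
# polydir  instance_prefix      method  list_of_uids
/tmp       /tmp-inst/           level   root,adm
/var/tmp   /var/tmp/tmp-inst/   level   root,adm
/dev/shm   /dev/shm/unused      tmpfs   root
$HOME      $HOME/$USER.inst/    level
EOF
}

# Dry run: list the extra directories each fixfiles step would have to cover.
conf=$(mktemp) && sample_conf > "$conf"
for inst in $(polyinst_parents /tmp "$conf"); do
    echo "would also clean:   $inst (instances of /tmp)"
done
for inst in $(polyinst_parents /var/tmp "$conf"); do
    echo "would also relabel: $inst (instances of /var/tmp)"
done
rm -f "$conf"
```

On a real system the file arguments would be /etc/security/namespace.conf followed by /etc/security/namespace.d/*; the function ignores arguments that are not readable regular files.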

              vmojzis@redhat.com Vit Mojzis
              rhn-support-rmetrich Renaud Métrich
              Vit Mojzis Vit Mojzis
              SSG Security QE SSG Security QE