RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

selinuxutil: restorecond is buggy when it dereferencies symlinks 

restorecond uses libselinux's selinux_restorecon() to relabel files,
which dereferences symlinks in a useless call to statfs(). This produces
AVC denials which are noisy.

Fixes: https://github.com/SELinuxProject/refpolicy/pull/22
This commit is contained in:
Nicolas Iooss 2019-01-16 22:03:23 +01:00
parent 4a90eae668
commit 6e2896098c
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/selinuxutil.te
View File

@ -372,7 +372,7 @@ selinux_compute_user_contexts(restorecond_t)
files_relabel_non_auth_files(restorecond_t )
files_read_non_auth_files(restorecond_t)
files_read_non_auth_symlinks(restorecond_t)
files_dontaudit_read_all_symlinks(restorecond_t)
auth_use_nsswitch(restorecond_t)
logging_send_syslog_msg(restorecond_t)