RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-09 14:17:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

mcstrans: preserve runtime directory

Browse Source 
Do not remove the runtime directory /run/setrans/, which is the parent
for the security context translation socket .setrans-unix, when the
service is stopped, so the path can not be taken over by a foreign
program, which could lead to a compromise of the context translation of
libselinux.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2023-01-17 18:20:50 +01:00 committed by Petr Lautrbach
parent 3ccea01c69
commit 4622ac0064
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mcstrans/src/mcstrans.service
View File

@ -9,6 +9,7 @@ Conflicts=shutdown.target
[Service]
ExecStart=/sbin/mcstransd -f
RuntimeDirectory=setrans
RuntimeDirectoryPreserve=true
[Install]
WantedBy=multi-user.target