selinux/libsemanage
Vit Mojzis d96f27bf7c libsemanage: Preserve file context and ownership in policy store
Make sure that file context (all parts) and ownership of
files/directories in policy store do not change no matter which user
and under which context executes policy rebuild.

Fixes:
  # semodule -B
  # ls -lZ  /etc/selinux/targeted/contexts/files

-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin

  SELinux user changed from system_u to the user used to execute semodule

  # capsh --user=testuser --caps="cap_dac_override,cap_chown+eip" --addamb=cap_dac_override,cap_chown -- -c "semodule -B"
  # ls -lZ  /etc/selinux/targeted/contexts/files

-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  14704 Jul 19 09:10 file_contexts.homedirs
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  20289 Jul 19 09:10 file_contexts.homedirs.bin

  Both file context and ownership changed -- causes remote login
  failures and other issues in some scenarios.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
2024-07-29 07:42:45 -04:00
example Author: Daniel J Walsh 2008-09-15 09:25:33 -04:00
include libsemanage: always write kernel policy when check_ext_changes is specified 2022-06-30 21:09:00 +02:00
man Do not automatically install Russian translations 2023-08-16 13:33:47 -04:00
src libsemanage: Preserve file context and ownership in policy store 2024-07-29 07:42:45 -04:00
tests libsemanage/tests: use strict prototypes 2023-08-16 13:33:12 -04:00
utils Always use /usr/bin/python3 in Python scripts 2019-02-20 16:43:27 +01:00
.gitignore Add subdirectory .gitignore files. 2009-10-20 21:25:55 -04:00
LICENSE docs: provide a top level LICENSE file 2022-10-05 08:20:38 -04:00
Makefile libsemanage: semanage store migration script 2014-08-26 08:03:31 -04:00
VERSION Release 3.7 2024-06-26 17:30:41 +02:00
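
The drift shown in the commit message above can be checked from saved `ls -lZ` output of the policy store. The Python below is an added example, not code from libsemanage or from the commit. The expected owner `root:root` and SELinux user `system_u` are assumptions drawn from the message's listings, and the sample lines are constructed.

```python
"""Flag policy-store files whose owner or SELinux user drifted after a rebuild."""
from typing import List, NamedTuple, Optional, Tuple

EXPECTED_OWNER = ("root", "root")  # assumption: owner/group in the first listing
EXPECTED_SEUSER = "system_u"       # from the message: "changed from system_u"


class Entry(NamedTuple):
    name: str
    owner: str
    group: str
    seuser: str
    level: str


def parse_ls_lz(line: str) -> Optional[Entry]:
    """Parse one `ls -lZ` line: mode links owner group context size date(3) name."""
    fields = line.split(None, 9)  # maxsplit keeps spaces inside the file name
    if len(fields) < 10 or fields[4].count(":") < 3:
        return None  # "total N" lines, blank lines, unlabeled files ("?")
    # The MLS level may itself contain ':' (e.g. s0:c0.c1023), so split 3 times.
    seuser, _role, _setype, level = fields[4].split(":", 3)
    return Entry(fields[9], fields[2], fields[3], seuser, level)


def audit(listing: str) -> List[Tuple[str, str]]:
    """Return (file, finding) pairs for every deviation from the expected values."""
    findings = []
    for line in listing.splitlines():
        entry = parse_ls_lz(line)
        if entry is None:
            continue
        if (entry.owner, entry.group) != EXPECTED_OWNER:
            findings.append((entry.name, f"owner {entry.owner}:{entry.group}"))
        if entry.seuser != EXPECTED_SEUSER:
            findings.append((entry.name, f"SELinux user {entry.seuser}"))
    return findings


# Constructed sample modelled on the listings in the commit message.
SAMPLE = """\
total 1036
-rw-r--r--. 1 root root system_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 14704 Jul 19 09:10 file_contexts.homedirs
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```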