Re: If you are maintinaing of developing a Fedora Package.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Oct 13, 2007 at 10:33:56AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> If the location of the executable changes,
> for example from /usr/bin to /usr/sbin.  Please make sure the SELinux
> context is correct in the new location
> 
> matchpathcon /usr/bin/MYAPP
> matchpathcon /ust/sbin/MYAPP
> 
> If they aren't the same, then SELinux might have a problem.

 Couldn't be better to maintain default selinux labels like others
 file attributes?

     %attr(4755,root,root) %selinux(foo_t)  /bin/foo

> Changing this could cause a security vulnerabilty, an confined
> application can go to unconfined if it moves to a bin_t labeling.

 Arjan is right, it sounds like pretty important to test it for
 regressions.

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux