On Tue, 2004-05-18 at 23:07, Daniel J Walsh wrote: > Looks like a bug in matchpathcon (Which is used buy restorecon). It is > returning the wrong security context. I will send this to stephen. > Basically looks like it is ignoring file type. matchpathcon takes a pathname and optional file mode as input parameters for matching against the file contexts configuration. It doesn't attempt to stat the file itself to obtain the mode because it is sometimes used by programs that are creating new files (e.g. udev) and want to know the context for the file they are about to create, so it requires the caller to provide the mode. restorecon currently passes 0 as the mode, so no mode matching is performed. So this is a bug in restorecon; it needs to be changed to stat the file and provide the mode. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
