Re: autorelabel and sym links

On Sun, Mar 19, 2006 at 01:07:18 +0100,
  Thomas Bleher <bleher@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> That's true. restorecon doesn't need (and isn't allowed to by policy) to
> read where symlinks point to. This is very helpful in preventing symlink
> attacks.
> Hardlinks are more problematic. Setfiles (which runs when the whole
> filesystem is relabeled) keeps track of hardlinks and warns if a file
> would get two different security contexts because of its different file
> names. I don't know if restorecon has a similar check but it cannot
> reliably detect this problem if it's only run on part of a filesystem.
> This is the reason you should (on targeted policy) never run restorecon
> on untrusted userdata.

Thanks, that was very helpful. I didn't know that setfiles was what was
used to relabel filesystems. Its man page is pretty clear on what it does.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
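
The hardlink problem described in the quoted message can be checked for before relabeling part of a filesystem. The following is an added example, not code from the thread or from setfiles/restorecon: the hypothetical helper `audit_hardlinks` only compares link counts with the names found under the tree and does not consult SELinux policy.

```python
import os
import stat
import sys
import tempfile
from collections import defaultdict


def audit_hardlinks(root):
    """Illustrative helper (not part of setfiles or restorecon).

    Returns (inside, escaping): dicts mapping (st_dev, st_ino) to
    (link_count, names_found_under_root) for multiply-linked regular files.
    inside   - every name is under root, so the contexts chosen for each
               name can be compared before relabeling.
    escaping - some names live outside root; a relabel limited to root
               cannot see which context those other names call for.
    """
    names = defaultdict(list)
    links = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished during the walk
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                names[key].append(path)
                links[key] = st.st_nlink
    inside, escaping = {}, {}
    for key, paths in names.items():
        target = inside if len(paths) == links[key] else escaping
        target[key] = (links[key], sorted(paths))
    return inside, escaping


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        # Constructed demo: one file with a second name outside the tree.
        top = tempfile.mkdtemp()
        root = os.path.join(top, "tree")
        os.makedirs(root)
        os.makedirs(os.path.join(top, "other"))
        open(os.path.join(top, "other", "data"), "w").close()
        os.link(os.path.join(top, "other", "data"), os.path.join(root, "alias"))
    inside, escaping = audit_hardlinks(root)
    for nlink, paths in escaping.values():
        print(f"{paths[0]}: {nlink} links, {nlink - len(paths)} outside {root}")
```

Any entry reported as escaping is a file whose label would be decided from only some of its names if the relabel is limited to that tree.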
