Ship a restorecond.conf file that relabels all mount runtime files under /etc and not just /etc/mtab. Mount also uses /etc/mtab~[0-9]{0,20} lock files (the number corresponds to the PID) and the /etc/mtab.tmp temporary file. The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv for the location of such files. A patch is also available for the reference policy to fix this issue. Signed-off-by: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx> --- policycoreutils/restorecond/restorecond.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- selinux-04062012/policycoreutils/restorecond/restorecond.conf 2011-11-15 00:32:56.865740944 +0100 +++ selinux-04062012-restorecond-conf-relabel-mount-runtime-files/policycoreutils/restorecond/restorecond.conf 2012-06-15 19:46:08.178417897 +0200 @@ -1,7 +1,7 @@ /etc/services /etc/resolv.conf /etc/samba/secrets.tdb -/etc/mtab +/etc/mtab* /var/run/utmp /var/log/wtmp /root/*
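
Review bot: In the `@@ -1,7 +1,7 @@` hunk, `/etc/mtab*` matches more than the files the commit message names (`/etc/mtab`, the `/etc/mtab~<PID>` lock files and `/etc/mtab.tmp`): any other entry in /etc whose name begins with `mtab` would also be relabeled. If only those names are intended, consider listing `/etc/mtab~*` and `/etc/mtab.tmp` as separate entries next to `/etc/mtab`, or state in the message that the wider match is deliberate. The message also mentions a separate reference policy patch; it would help to say whether this change depends on it, since restorecond can only restore the contexts that the policy's file context entries define for these names.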