Do not remove the runtime directory /run/setrans/, which is the parent for the security context translation socket .setrans-unix, when the service is stopped, so the path can not be taken over by a foreign program, which could lead to a compromise of the context translation of libselinux. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- mcstrans/src/mcstrans.service | 1 + 1 file changed, 1 insertion(+) diff --git a/mcstrans/src/mcstrans.service b/mcstrans/src/mcstrans.service index c13cd09a..fdcfb0d4 100644 --- a/mcstrans/src/mcstrans.service +++ b/mcstrans/src/mcstrans.service @@ -9,6 +9,7 @@ Conflicts=shutdown.target [Service] ExecStart=/sbin/mcstransd -f RuntimeDirectory=setrans +RuntimeDirectoryPreserve=true [Install] WantedBy=multi-user.target -- 2.39.0
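Review bot: the added RuntimeDirectoryPreserve=true line under [Service] has no comment in the unit file, so the security reason for it lives only in the commit message and a later cleanup could drop the line as redundant. Suggest a one-line comment above it saying that /run/setrans/ is kept after stop so that the .setrans-unix socket path cannot be taken over while mcstransd is not running. Two smaller points on the same hunk: no RuntimeDirectoryMode= is visible next to RuntimeDirectory=setrans, so the preserved directory keeps systemd's default mode of 0755, and since that directory is now what protects the socket path while the service is down, it would help to state the mode explicitly. The setting also only covers the time after the service has been started once, because the directory is created at start; the commit message could say whether the period before the first start is considered out of scope.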