On Tue, Jan 17, 2023 at 12:36 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Do not remove the runtime directory /run/setrans/, which is the parent > for the security context translation socket .setrans-unix, when the > service is stopped, so the path can not be taken over by a foreign > program, which could lead to a compromise of the context translation of > libselinux. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Acked-by: James Carter <jwcart2@xxxxxxxxx> > --- > mcstrans/src/mcstrans.service | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mcstrans/src/mcstrans.service b/mcstrans/src/mcstrans.service > index c13cd09a..fdcfb0d4 100644 > --- a/mcstrans/src/mcstrans.service > +++ b/mcstrans/src/mcstrans.service > @@ -9,6 +9,7 @@ Conflicts=shutdown.target > [Service] > ExecStart=/sbin/mcstransd -f > RuntimeDirectory=setrans > +RuntimeDirectoryPreserve=true > > [Install] > WantedBy=multi-user.target > -- > 2.39.0 >
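Review bot: The new `RuntimeDirectoryPreserve=true` line in the [Service] section carries no comment explaining why the directory is kept, so a later cleanup could drop it as redundant. A one-line comment above it, naming the .setrans-unix socket under /run/setrans/, would record the intent in the unit file itself. Because the directory's contents now survive a stop, it is also worth confirming that mcstransd copes with a leftover .setrans-unix when it starts again. `RuntimeDirectory=setrans` is used without an explicit `RuntimeDirectoryMode=`, so the preserved directory keeps the default mode; if the default is intended, saying so in the commit message would help.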