restorecon vs. setfiles
Daniel J Walsh
dwalsh at redhat.com
Wed May 19 19:17:50 UTC 2004
Stephen Smalley wrote:
>On Tue, 2004-05-18 at 23:07, Daniel J Walsh wrote:
>
>>Looks like a bug in matchpathcon (which is used by restorecon). It is
>>returning the wrong security context. I will send this to Stephen.
>>Basically looks like it is ignoring file type.
>
>matchpathcon takes a pathname and optional file mode as input parameters
>for matching against the file contexts configuration. It doesn't
>attempt to stat the file itself to obtain the mode because it is
>sometimes used by programs that are creating new files (e.g. udev) and
>want to know the context for the file they are about to create, so it
>requires the caller to provide the mode. restorecon currently passes 0
>as the mode, so no mode matching is performed.
>
>So this is a bug in restorecon; it needs to be changed to stat the file
>and provide the mode.
>
policycoreutils-1.12-2 has two fixes for restorecon: it handles the
symbolic link problem and ignores <<none>>.
Dan
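
The mode-matching behaviour discussed in this thread, as an added example that is not part of the original messages and is not libselinux or policycoreutils code. It is a simplified model: the sample entries, the type names, the function names `lookup_context` and `context_for_existing`, the last-match-wins ordering and the use of `lstat()` are all assumptions of the example.

```c
#define _XOPEN_SOURCE 700
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Simplified model of a file_contexts entry: regex, file type, context.
 * type 0 means the entry applies to any file type. */
struct spec { const char *regex; mode_t type; const char *context; };

/* Constructed sample entries; the type names are placeholders. */
static const struct spec specs[] = {
    { "^/data(/.*)?$",     0,        "system_u:object_r:example_data_t" },
    { "^/data/.*$",        S_IFLNK,  "system_u:object_r:example_link_t" },
    { "^/data/.*\\.sock$", S_IFSOCK, "system_u:object_r:example_sock_t" },
};
#define NSPECS ((int)(sizeof(specs) / sizeof(specs[0])))

/* Assumption of this model: the last matching entry wins. */
const char *lookup_context(const char *path, mode_t mode)
{
    for (int i = NSPECS - 1; i >= 0; i--) {
        regex_t re;
        if (regcomp(&re, specs[i].regex, REG_EXTENDED | REG_NOSUB) != 0)
            continue;
        int miss = regexec(&re, path, 0, NULL, 0);
        regfree(&re);
        if (miss)
            continue;
        /* File type is compared only if caller and entry both give one,
         * so mode 0 disables type matching altogether. */
        if (mode && specs[i].type && (mode & S_IFMT) != specs[i].type)
            continue;
        return specs[i].context;
    }
    return NULL;
}

/* The fix described above: obtain the mode from the file before the lookup.
 * lstat() is this example's choice, so a symlink is typed as a symlink. */
const char *context_for_existing(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? lookup_context(path, st.st_mode) : NULL;
}

int main(void)
{
    printf("mode 0:       %s\n", lookup_context("/data/report.txt", 0));
    printf("mode S_IFREG: %s\n", lookup_context("/data/report.txt", S_IFREG | 0644));
    return 0;
}
```

With mode 0 the regular file picks up the symlink-only entry; with the real mode that entry is skipped and the generic one applies.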