/sbin/restorecon and hard links

Stephen Smalley sds at tycho.nsa.gov
Wed Feb 15 14:09:12 UTC 2006


On Wed, 2006-02-15 at 09:01 -0500, Stephen Smalley wrote:
> Yes, running restorecon on /home by root considered harmful,
> particularly under targeted policy.  Under strict policy, a user can't
> create hard links to system files (controlled by the 'link' permission),
> which helps avoid the problem, and restorecon and setfiles aren't
> allowed to follow untrustworthy symlinks by the policy.  setfiles also
> contains code to check for multiple hard links with conflicting matches,
> so if you run setfiles on /, it should complain about the discrepancy,
> but restorecon doesn't do that and even if it did it naturally can't
> tell that when it is just run on /home.

Of course, using a separate partition for /home, /tmp, and other
user-writable areas is a good idea anyway...

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list