RHEL-5177

RFE: make fixfiles polyinstantiation aware

    • Normal
    • sst_security_selinux
    • ssg_security
    • False

      Description of problem:

      fixfiles can do a number of operations, including deleting content in /tmp and relabeling files in /var/tmp.
      Unfortunately the tool is not polyinstantiation aware, which causes issues when used in that context:

      • /tmp-inst (or similar, as configured in /etc/security/namespace.conf) is not cleaned up

      fullrelabel() {
          echo "Cleaning out /tmp"
          find /tmp/ -mindepth 1 -delete
          restore Relabel
      }

      • /var/tmp/tmp-inst (or similar) is not relabeled properly

      find /var/tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /var/tmp {} \;

      Please implement this functionality. Note that the target directories (/tmp-inst and /var/tmp/tmp-inst) are to be read from /etc/security/namespace.conf (and /etc/security/namespace.d/*) and not hardcoded.

      Version-Release number of selected component (if applicable):

      policycoreutils-2.9-9.el8.x86_64
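
Added example, not part of the original report and not fixfiles code: POSIX shell functions that read the `polydir instance_prefix method ...` entries from namespace.conf-style files and return the configured instance directory for a polydir such as /tmp or /var/tmp, instead of hardcoding it. The function names and the sample entries are assumptions; per-user entries containing `$HOME`, `$USER` or `~` are skipped as a simplification.

```shell
#!/bin/sh
# Added example (not fixfiles code): find the instance directories that
# pam_namespace is configured to use, so cleanup and relabel steps can
# cover them as well as /tmp and /var/tmp.

# polyinst_dirs FILE...: print "polydir instance_prefix" per active entry.
polyinst_dirs() {
    for conf in "$@"; do
        [ -r "$conf" ] || continue        # missing file or unmatched glob
        # "|| [ -n ... ]" keeps a last line that has no trailing newline.
        while read -r polydir prefix method rest || [ -n "$polydir" ]; do
            case "$polydir" in ''|'#'*) continue ;; esac  # blank or comment
            [ -n "$method" ] || continue  # an entry needs at least 3 fields
            # Simplification: skip per-user entries ($HOME, $USER, ~user).
            case "$polydir $prefix" in *'$'*|'~'*) continue ;; esac
            printf '%s %s\n' "$polydir" "${prefix%/}"
        done < "$conf"
    done
}

# instance_dir_for POLYDIR FILE...: instance prefix configured for POLYDIR.
instance_dir_for() {
    want=$1; shift
    polyinst_dirs "$@" | while read -r polydir prefix; do
        if [ "$polydir" = "$want" ]; then printf '%s\n' "$prefix"; fi
    done
}

# Constructed sample in namespace.conf syntax, for trying the functions.
sample_conf() {
    cat <<'EOF'
# polydir  instance_prefix      method  list_of_uids
/tmp       /tmp-inst/           level   root,adm
/var/tmp   /var/tmp/tmp-inst/   level   root,adm
$HOME      $HOME/$USER.inst/    level
EOF
}

# On a real system, with the paths named in the report:
#   instance_dir_for /tmp /etc/security/namespace.conf /etc/security/namespace.d/*
```

An empty result means the directory is not polyinstantiated in the files given, so a caller would fall back to handling only /tmp and /var/tmp.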

            vmojzis@redhat.com Vit Mojzis
            rhn-support-rmetrich Renaud Metrich
            Vit Mojzis
            SSG Security QE