[Bug 465940] New: libsemanage: remove labeling of /root

https://bugzilla.novell.com/show_bug.cgi?id=465940 Summary: libsemanage: remove labeling of /root Classification: openSUSE Product: openSUSE 11.2 Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Minor Priority: P5 - None Component: Other AssignedTo: prusnak@novell.com ReportedBy: thomas@novell.com QAContact: qa@suse.de Found By: Other Created an attachment (id=264931) --> (https://bugzilla.novell.com/attachment.cgi?id=264931) libsemanage-root.patch Hi, I just found this on the selinux ML. Maybe we don't need it and just update to the newest version for 11.2 which includes the patch. Therefore: JFYI Betreff: Patch to libsemanage to remove labeling of /root Datum: Dienstag, 13. Januar 2009 Von: Daniel J Walsh An: SE Linux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Policy should label /root with one label and this should not be effected by the passwd database. In Fedora policy we label this as admin_home_t. Having this label vary depending on policy ends up with lines like dontaudit * user_home_t:dir search_dir_perms dontaudit * admin_home_t:dir search_dir_perms dontaudit * sysadmin_home_t:dir search_dir_perms dontaudit * staff_home_t:dir search_dir_perms Labeling this directory as user_home_t, opens the system to possible security risks since some domains have to be able to write to user_home_t when they would never be allowed to write to admin_home_t. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklslqMACgkQrlYvE4MpobPY/ACdHitHOeU+c77VVePxkkTpmSsw M2gAoJxZPlUKHJ3cL0zIb8fuHMq5VSRz =LmKq -----END PGP SIGNATURE----- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.