https://bugzilla.novell.com/show_bug.cgi?id=465940
Summary: libsemanage: remove labeling of /root
Classification: openSUSE
Product: openSUSE 11.2
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Other
AssignedTo: prusnak@novell.com
ReportedBy: thomas@novell.com
QAContact: qa@suse.de
Found By: Other
Created an attachment (id=264931)
--> (https://bugzilla.novell.com/attachment.cgi?id=264931)
libsemanage-root.patch
Hi,
I just found this on the selinux ML. Maybe we don't need it and just update to
the newest version for 11.2 which includes the patch. Therefore: JFYI
Subject: Patch to libsemanage to remove labeling of /root
Date: Tuesday, 13 January 2009
From: Daniel J Walsh
To: SE Linux
Policy should label /root with one label and this should not be affected
by the passwd database.
In Fedora policy we label this as admin_home_t. Having this label vary
depending on policy ends up with lines like
dontaudit * user_home_t:dir search_dir_perms
dontaudit * admin_home_t:dir search_dir_perms
dontaudit * sysadmin_home_t:dir search_dir_perms
dontaudit * staff_home_t:dir search_dir_perms
Labeling this directory as user_home_t opens the system to possible
security risks since some domains have to be able to write to
user_home_t when they would never be allowed to write to admin_home_t.
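A check for the condition the mail above describes, as an added example that is not part of the original mail or of libsemanage: it scans file-context entries (line syntax `regex [file-type flag] context`) and reports any entry that would give /root, or a file under it, a type other than admin_home_t. The sample entries, probe paths and function names are constructed for illustration, and the matcher lists every matching entry rather than modelling libselinux's precedence among matches.

```python
import re

EXPECTED_TYPE = "admin_home_t"  # type the mail says Fedora policy uses for /root

# Constructed sample entries (assumption), in file-context line syntax:
#   <path regex> [<file type flag>] <SELinux context>
SAMPLE = """\
/home/[^/]+/.+   system_u:object_r:user_home_t:s0
/root/.+         system_u:object_r:user_home_t:s0
/root       -d   system_u:object_r:staff_home_t:s0
/root(/.*)?      system_u:object_r:admin_home_t:s0
"""

# Hypothetical probe paths: the directory itself and one regular file below it.
PROBES = [("/root", "-d"), ("/root/.bashrc", "--")]


def parse(text):
    """Return (regex, flag, type) tuples; flag is None when the entry has none."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) not in (2, 3) or fields[0].startswith("#"):
            continue  # blank line, comment, or something this sketch ignores
        regex, context = fields[0], fields[-1]
        flag = fields[1] if len(fields) == 3 else None
        parts = context.split(":")
        if len(parts) < 3:
            continue  # e.g. <<none>>, which assigns no label
        entries.append((regex, flag, parts[2]))
    return entries


def audit_root(text, expected=EXPECTED_TYPE):
    """List (path, regex, type) for entries labeling /root with another type."""
    findings = []
    for path, kind in PROBES:
        for regex, flag, seltype in parse(text):
            if flag not in (None, kind):
                continue  # entry is restricted to a different file type
            # File-context regexes are anchored at both ends, hence fullmatch.
            if re.fullmatch(regex, path) and seltype != expected:
                findings.append((path, regex, seltype))
    return findings


if __name__ == "__main__":
    for path, regex, seltype in audit_root(SAMPLE):
        print(f"{path}: entry {regex!r} assigns {seltype}, expected {EXPECTED_TYPE}")
```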