Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 390126 Details for
Bug 530192
Portage should use force relabeling for installed files to have system_u as target SELinux user
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Force SELinux user during relabel
0001-Force-the-SELinux-user-during-relabel-operation.patch (text/plain), 1.55 KB, created by
Sven Vermeulen (RETIRED)
on 2014-11-23 16:16:40 UTC
(
hide
)
Description:
Force SELinux user during relabel
Filename:
MIME Type:
Creator:
Sven Vermeulen (RETIRED)
Created:
2014-11-23 16:16:40 UTC
Size:
1.55 KB
patch
obsolete
>From 1642bd99af5440f527722370de09c3d046437adc Mon Sep 17 00:00:00 2001 >From: Sven Vermeulen <sven.vermeulen@siphos.be> >Date: Sun, 23 Nov 2014 17:10:50 +0100 >Subject: [PATCH 1/1] Force the SELinux user during relabel operation > >When Portage relabels the files of the package, it currently calls >setfiles (which is correct) but does not use the -F option (force). As a >result, the files only get assigned the right SELinux type, but not the >right SELinux user and SELinux role. > >By using "setfiles -F", the SELinux user (and role, but role almost >always remains "object_r") is set to the right one (system_u mostly). > >Without this, a multi-user system with different SELinux users and with >User Based Access Control (UBAC) enabled (the local "ubac" USE flag) >might find that some software fails to work for different SELinux users >than the one used to install the software, until a full forced relabel >operation is done. > >See also bug https://bugs.gentoo.org/show_bug.cgi?id=530192 >--- > bin/misc-functions.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh >index 6e6fcb4..8d5df78 100755 >--- a/bin/misc-functions.sh >+++ b/bin/misc-functions.sh >@@ -392,7 +392,7 @@ preinst_selinux_labels() { > addwrite /selinux/context > addwrite /sys/fs/selinux/context > >- /usr/sbin/setfiles "${file_contexts_path}" -r "${D}" "${D}" >+ /usr/sbin/setfiles -F "${file_contexts_path}" -r "${D}" "${D}" > ) || die "Failed to set SELinux security labels." > else > # nonfatal, since merging can happen outside a SE kernel >-- >2.0.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=390126">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 530192
: 390126
