
Bug 199609

Summary: SELinux handbook should cover labeling swapfile
Product: Documentation
Reporter: Andrew Ross (RETIRED) <aross>
Component: Project-specific documentation
Assignee: SE Linux Bugs <selinux>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=3
Whiteboard:
Package list:
Runtime testing required: ---

Description Andrew Ross (RETIRED) gentoo-dev 2007-11-19 01:14:45 UTC
The SELinux handbook should include a section on setting the correct context for a swapfile, in case the user doesn't have a dedicated swap partition. The necessary command appears to be "chcon -t swapfile_t [filename]".

Since swapfile_t is a customizable type, it will be preserved during a relabel, unless the user explicitly requests that customizable types be reset. Because of this, it may be necessary to drop the "-r" on the rlpkg commands in the SELinux handbook. I'm not convinced that they're necessary anyway, since the user won't have labeled anything with a customizable type at this point in the conversion process.
Comment 1 Sven Vermeulen 2011-04-16 09:08:50 UTC
Added to hardened-docs overlay. I chose to use 

~# semanage fcontext -a -t swapfile_t "/swapfile"
~# restorecon /swapfile

instead, so that even when a full file system relabelling (including customizable types) is done, the setting is still preserved.
Comment 2 Anthony Basile gentoo-dev 2011-06-03 09:17:24 UTC
It's at http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?full=1 in "Label the File System" Code listing 2.9
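
An added example, not part of the bug thread or the handbook: a small audit that tells apart the two labeling approaches discussed in the Description and Comment 1, by comparing a swap file's on-disk context with the context the loaded policy would assign to its path. The function names and the three result words are assumptions made for this sketch; `stat -c %C` and `matchpathcon -n` are the standard coreutils and libselinux tools.

```shell
#!/bin/sh
# Added example: audit SELinux labels of file-backed swap areas.

# Extract the type (3rd colon-separated field) from a context such as
# system_u:object_r:swapfile_t or system_u:object_r:swapfile_t:s0.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read /proc/swaps-formatted text on stdin and print the paths of
# file-backed swap areas (the header line and partitions are skipped).
swap_files() {
    awk 'NR > 1 && $2 == "file" { print $1 }'
}

# classify_swap_label ACTUAL_CONTEXT POLICY_CONTEXT
#   persistent : file and policy both say swapfile_t
#                (semanage fcontext -a ... followed by restorecon)
#   chcon-only : file is swapfile_t but the policy default for the path is
#                not; a relabel that resets customizable types reverts it
#   mislabeled : file is not swapfile_t at all
classify_swap_label() {
    actual=$(context_type "$1")
    policy=$(context_type "$2")
    if [ "$actual" != "swapfile_t" ]; then
        echo mislabeled
    elif [ "$policy" = "swapfile_t" ]; then
        echo persistent
    else
        echo chcon-only
    fi
}

# Live audit for an SELinux-enabled host: one "path<TAB>result" line per
# swap file listed in /proc/swaps.
audit_swap_files() {
    swap_files < /proc/swaps | while read -r path; do
        actual=$(stat -c %C "$path")          # context stored on the file
        policy=$(matchpathcon -n "$path")     # context the policy specifies
        printf '%s\t%s\n' "$path" "$(classify_swap_label "$actual" "$policy")"
    done
}

# Run the audit only when asked to, so the functions can be sourced safely.
if [ "${1:-}" = "--audit" ]; then audit_swap_files; fi
```

A `chcon-only` result is the case the Description warns about; adding the `semanage fcontext` rule from Comment 1 turns it into `persistent`.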