| Summary: | sys-process/fcron-3.1.1 - Files were moved without updating default selinux file context policies, please patch. | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | vespian <gentooorg> |
| Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | CC: | cron-bugs+disabled, flameeyes, selinux |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | sec-policy r12 | ||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
Fix fcron&fcronsighup default contexts
Fix default selinux context for fcrontab's temporary files. emerge --info |
||
Created attachment 337642 [details, diff]
Fix default selinux context for fcrontab's temporary files.
Created attachment 337644 [details]
emerge --info
I think that I wrongly set the Component field - it should be SElinux. Sorry about that. @selinux please advise on these bugs, or simply fix them if something's there to fix. Fixed in repository and can be checked using the live ebuilds. Will be fixed in the r12 policies as well. rev 12 in main tree, ~arch'ed |
Created attachment 337640 [details] Fix fcron&fcronsighup default contexts With fcron update from 3.0.6-r1 to 3.1.1 fcron, and fcronsighup binaries were moved to /usr/libexec without updating selinux file context policies. In effect we have right after update: ~ # semanage fcontext -l | grep fcronsighup /usr/sbin/fcronsighup regular file system_u:object_r:crontab_exec_t:s0 ~ # ls -lZ /usr/libexec/fcronsighup -rws--x---. 1 root fcron system_u:object_r:bin_t:s0 27032 01-29 03:03 /usr/libexec/fcronsighup Patch implementing a possible fix was attached as fcron_context_p1.patch. Additionally the policy does not reflect temporary files which fcron creates, patch is in fcron_context_p2.patch There are other changes to, but still working on them.