Bug 553868

Summary:	sec-policy/selinux-bitcoin has missing contexts
Product:	Gentoo Linux	Reporter:	Sven Vermeulen (RETIRED) <swift>
Component:	SELinux	Assignee:	SE Linux Bugs <selinux>
Status:	CONFIRMED ---
Severity:	normal	CC:	sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=529896 https://bugs.gentoo.org/show_bug.cgi?id=528516
Whiteboard:
Package list:		Runtime testing required:	---

Description Sven Vermeulen (RETIRED) gentoo-dev

2015-07-03 16:21:52 UTC

From bug 528516#c13:

Rebasing let me take a look at this now.

# semanage fcontext --list | grep bitcoin
/etc/bitcoin(/.*)?                                 all files          system_u:object_r:bitcoin_etc_t
/etc/rc\.d/init\.d/bitcoind                        regular file       system_u:object_r:bitcoin_initrc_exec_t
/usr/bin/bitcoind                                  regular file       system_u:object_r:bitcoin_exec_t
/var/lib/bitcoin(/.*)?                             all files          system_u:object_r:bitcoin_var_lib_t

These seem to be missing:

/var/lib/bitcoin/\.bitcoin/bitcoin\.conf                gen_context(system_u:object_r:bitcoin_etc_t,s0)
/var/lib/bitcoin/\.bitcoin/debug\.log                   gen_context(system_u:object_r:bitcoin_log_t,s0)
/var/log/bitcoin(/.*)?                                  gen_context(system_u:object_r:bitcoin_log_t,s0)

Feedback given then:

The /var/log/bitcoin one indeed needs to be added. The other ones should be carefully analyzed if this is mandatory or if bitcoin can't be updated to use proper locations (instead of (ab)using /var/lib for all that).

If it is necessary, then the proper filetrans definitions need to be taken up as well.

As this was in a different bug, opened a new one to track this.

Reproducible: Always