Bug 199609 - SELinux handbook should cover labeling swapfile
Summary: SELinux handbook should cover labeling swapfile
Status: RESOLVED FIXED
Alias: None
Product: Documentation
Classification: Unclassified
Component: Project-specific documentation
Hardware: All Linux
Importance: High enhancement
Assignee: SE Linux Bugs
URL: http://www.gentoo.org/proj/en/hardene...
Reported: 2007-11-19 01:14 UTC by Andrew Ross (RETIRED)
Modified: 2011-06-03 09:17 UTC
Description Andrew Ross (RETIRED) gentoo-dev 2007-11-19 01:14:45 UTC
The SELinux handbook should include a section on setting the correct context for a swapfile, in case the user doesn't have a dedicated swap partition. The necessary command appears to be "chcon -t swapfile_t [filename]".

Since swapfile_t is a customizable type, it will be preserved during a relabel, unless the user explicitly requests that customizable types be reset. Because of this, it may be necessary to drop the "-r" on the rlpkg commands in the SELinux handbook. I'm not convinced that they're necessary anyway, since the user won't have labeled anything with a customizable type at this point in the conversion process.
Comment 1 Sven Vermeulen 2011-04-16 09:08:50 UTC
Added to hardened-docs overlay. I chose to use 

~# semanage fcontext -a -t swapfile_t "/swapfile"
~# restorecon /swapfile

instead, so that even when a full file system relabelling (including customizable types) is done, the setting is still preserved.
Comment 2 Anthony Basile gentoo-dev 2011-06-03 09:17:24 UTC
It's at http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?full=1 in "Label the File System" Code listing 2.9
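
Added example (not part of the bug comments or the handbook): a shell check that tells apart the two labeling approaches discussed above, a chcon-only label versus one backed by a semanage fcontext rule. The function names are hypothetical and the contexts used to exercise it are constructed; stat -c %C and matchpathcon -n are assumed to be available on the SELinux host.

```shell
#!/bin/sh
# Added example: audit whether a swapfile's SELinux label is backed by policy.

# Extract the type (third colon-separated field) from a security context,
# e.g. system_u:object_r:swapfile_t:s0 -> swapfile_t
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# classify_label ACTUAL_CONTEXT POLICY_CONTEXT
#   persistent : on-disk label and file-context rule both give swapfile_t
#   chcon-only : on-disk label is swapfile_t, but policy would assign another
#                type, so a relabel that resets customizable types loses it
#   rule-only  : a file-context rule exists, but restorecon has not been run
#   unlabeled  : neither the file nor the policy says swapfile_t
classify_label() {
    actual=$(context_type "$1")
    policy=$(context_type "$2")
    if [ "$actual" = swapfile_t ] && [ "$policy" = swapfile_t ]; then
        echo persistent
    elif [ "$actual" = swapfile_t ]; then
        echo chcon-only
    elif [ "$policy" = swapfile_t ]; then
        echo rule-only
    else
        echo unlabeled
    fi
}

# audit_swapfile PATH: compare the label on disk with the policy default.
# stat -c %C prints the file's current context; matchpathcon -n prints the
# context the loaded file-context rules would assign to that path.
audit_swapfile() {
    actual=$(stat -c %C "$1") || return 2
    policy=$(matchpathcon -n "$1") || return 2
    classify_label "$actual" "$policy"
}

# Usage on a live SELinux system: audit_swapfile /swapfile
```

A result of chcon-only corresponds to the command in the description; persistent corresponds to the semanage fcontext plus restorecon pair from Comment 1.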