Bug 417857 - Support dynamic /run directories
Summary: Support dynamic /run directories
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Whiteboard: sec-policy r11
Depends on:
Reported: 2012-05-27 18:59 UTC by Sven Vermeulen (RETIRED)
Modified: 2012-07-30 16:35 UTC

See Also:
Package list:
Runtime testing required: ---
Description Sven Vermeulen (RETIRED) gentoo-dev 2012-05-27 18:59:03 UTC
Without /run, most init scripts use /var/run/<service> as their var_run_t location (like sshd_var_run_t). This location is often created by a package and, by just setting the right context, the package manager makes this location correctly labeled from the start.

With /run however, these directories are (re)created over and over again at every boot (since /run is a tmpfs). The directories are often created by init scripts, running in initrc_t but are otherwise not SELinux-aware. As a result, all created directories in /run inherit the initrc_var_run_t label.

Although one fix could be to update all init scripts to run "restorecon" afterwards, this might be fixed by the policy as well (using named file transitions).

Reproducible: Always
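The policy-side fix the report suggests is a named file transition: a type_transition rule that only fires when the new directory has a specific name. The following is an added illustration in reference-policy style, not code from this bug or from the Gentoo policy tree; the module name "run_example" is a placeholder, and it assumes the types sshd_var_run_t, initrc_var_run_t, initrc_t and var_run_t named in the report exist in the loaded policy.

```selinux
# Added example (not from the bug report): a minimal reference-policy style
# module showing the named file transition the report proposes.
# "run_example" is a placeholder module name.
policy_module(run_example, 1.0)

gen_require(`
    type initrc_t;          # domain the init scripts run in
    type var_run_t;         # label of /run itself
    type initrc_var_run_t;  # what initrc_t-created dirs get by default
    type sshd_var_run_t;    # what /run/sshd should be labeled
')

# Default behaviour the bug describes is already in the base policy and is
# equivalent to this unnamed rule (kept as a comment to avoid a duplicate):
#   type_transition initrc_t var_run_t:dir initrc_var_run_t;
# With only that rule, every directory initrc_t creates under /run ends up
# as initrc_var_run_t, which is why the report sees mislabeled service dirs.

# Named file transition: when initrc_t creates a directory under a var_run_t
# directory AND that directory is literally called "sshd", label it
# sshd_var_run_t. A named rule takes precedence over the unnamed default for
# that name only; other names still fall back to initrc_var_run_t.
type_transition initrc_t var_run_t:dir sshd_var_run_t "sshd";

# The same rule in reference-policy macro form (also emits the allow rules
# needed to create the directory), for policies that use filetrans_pattern:
#   filetrans_pattern(initrc_t, var_run_t, sshd_var_run_t, dir, "sshd")
```

Named file transitions need kernel and policy support (policy version 25 or later), which is what the "r11" whiteboard tag in the metadata tracks on the policy side. After loading such a module, the effective rules for this source/target/class can be listed with `sesearch -T -s initrc_t -t var_run_t -c dir`, and a reboot (or removing and recreating the directory) is enough to confirm that `ls -Z /run/sshd` shows sshd_var_run_t without any restorecon call in the init script.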
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-05-28 08:13:51 UTC
Necessary named file transitions will be supported in r11
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-05-28 09:14:49 UTC
In hardened-dev overlay, rev 11
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-06-27 21:59:48 UTC
In main tree, ~arch'ed
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-30 16:35:50 UTC