Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 553868 - sec-policy/selinux-bitcoin has missing contexts
Summary: sec-policy/selinux-bitcoin has missing contexts
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: SE Linux Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-03 16:21 UTC by Sven Vermeulen (RETIRED)
Modified: 2015-07-03 16:21 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen (RETIRED) gentoo-dev 2015-07-03 16:21:52 UTC
From bug 528516#c13:

Rebasing let me take a look at this now.

# semanage fcontext --list | grep bitcoin
/etc/bitcoin(/.*)?                                 all files          system_u:object_r:bitcoin_etc_t
/etc/rc\.d/init\.d/bitcoind                        regular file       system_u:object_r:bitcoin_initrc_exec_t
/usr/bin/bitcoind                                  regular file       system_u:object_r:bitcoin_exec_t
/var/lib/bitcoin(/.*)?                             all files          system_u:object_r:bitcoin_var_lib_t

These seem to be missing:

/var/lib/bitcoin/\.bitcoin/bitcoin\.conf                gen_context(system_u:object_r:bitcoin_etc_t,s0)
/var/lib/bitcoin/\.bitcoin/debug\.log                   gen_context(system_u:object_r:bitcoin_log_t,s0)
/var/log/bitcoin(/.*)?                                  gen_context(system_u:object_r:bitcoin_log_t,s0)

Feedback given then:

The /var/log/bitcoin one indeed needs to be added. The other ones should be carefully analyzed if this is mandatory or if bitcoin can't be updated to use proper locations (instead of (ab)using /var/lib for all that).

If it is necessary, then the proper filetrans definitions need to be taken up as well.

As this was in a different bug, opened a new one to track this.

Reproducible: Always