[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: If you are maintinaing of developing a Fedora Package.
- From: Karel Zak <kzak redhat com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: If you are maintinaing of developing a Fedora Package.
- Date: Mon, 15 Oct 2007 23:31:17 +0200
On Sat, Oct 13, 2007 at 10:33:56AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If the location of the executable changes,
> for example from /usr/bin to /usr/sbin. Please make sure the SELinux
> context is correct in the new location
>
> matchpathcon /usr/bin/MYAPP
> matchpathcon /ust/sbin/MYAPP
>
> If they aren't the same, then SELinux might have a problem.
Couldn't be better to maintain default selinux labels like others
file attributes?
%attr(4755,root,root) %selinux(foo_t) /bin/foo
> Changing this could cause a security vulnerabilty, an confined
> application can go to unconfined if it moves to a bin_t labeling.
Arjan is right, it sounds like pretty important to test it for
regressions.
Karel
--
Karel Zak <kzak redhat com>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]