If you are maintinaing of developing a Fedora Package.

Karel Zak kzak at redhat.com
Mon Oct 15 21:31:17 UTC 2007

On Sat, Oct 13, 2007 at 10:33:56AM -0400, Daniel J Walsh wrote:
> Hash: SHA1
> If the location of the executable changes,
> for example from /usr/bin to /usr/sbin.  Please make sure the SELinux
> context is correct in the new location
> matchpathcon /usr/bin/MYAPP
> matchpathcon /ust/sbin/MYAPP
> If they aren't the same, then SELinux might have a problem.

 Couldn't be better to maintain default selinux labels like others
 file attributes?

     %attr(4755,root,root) %selinux(foo_t)  /bin/foo

> Changing this could cause a security vulnerabilty, an confined
> application can go to unconfined if it moves to a bin_t labeling.

 Arjan is right, it sounds like pretty important to test it for


 Karel Zak  <kzak at redhat.com>

More information about the fedora-devel-list mailing list