If you are maintinaing of developing a Fedora Package.
Karel Zak
kzak at redhat.com
Mon Oct 15 21:31:17 UTC 2007
On Sat, Oct 13, 2007 at 10:33:56AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If the location of the executable changes,
> for example from /usr/bin to /usr/sbin. Please make sure the SELinux
> context is correct in the new location
>
> matchpathcon /usr/bin/MYAPP
> matchpathcon /ust/sbin/MYAPP
>
> If they aren't the same, then SELinux might have a problem.
Couldn't be better to maintain default selinux labels like others
file attributes?
%attr(4755,root,root) %selinux(foo_t) /bin/foo
> Changing this could cause a security vulnerabilty, an confined
> application can go to unconfined if it moves to a bin_t labeling.
Arjan is right, it sounds like pretty important to test it for
regressions.
Karel
--
Karel Zak <kzak at redhat.com>
More information about the fedora-devel-list
mailing list