errors with labels after running for a while

Russell Coker russell at coker.com.au
Mon Mar 15 16:37:32 UTC 2004


On Tue, 16 Mar 2004 01:47, Stephen Smalley <sds at epoch.ncsc.mil> wrote:
> > sed & mv, actually.
>
> Can you add a '/usr/sbin/restorecon etc/rndc.key' (and likewise for any
> similarly created files)?  That should restore the context on it based
> on the installed file_contexts file.

In such cases restorecon is the only option.

In general when developing a package it's easiest to do the following things:

1)  Put config files in a sub-directory of /etc whenever possible.  Files take 
their type from the type of the parent directory by default.  This means that 
we get the right label without any effort.  Also programs that create files 
in that directory will not need write permission to etc_t (which may become 
important in later evolutions of the software).

2)  Have a single script that creates the file.  If creating the file in 
question is a relatively common operation then having a script to do it is 
easiest as we can have domain_auto_trans() rules to give the right context 
for the script.  Of course there is the requirement that when doing a 
domain_auto_trans() on a script execution the target domain must not be more 
privileged than the source domain, otherwise you make a security hole.  
Having a single script to perform an operation generally gives us the best 
range of options for changing how it works on the SE Linux side with minimum 
disturbance to the rpm side.

3)  Make sure that you create the temporary file in the target directory.  mv 
across file systems is not atomic, and you get type labeling issues.  The 
bind script in question is correct in this regard, but I'm just mentioning it 
now as it's a common mistake.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
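The pattern above, written out as an added example (this is not code from the post or from the bind package): a POSIX shell function that generates a config file by creating the temporary file in the destination directory, so it inherits that directory's default type, renames it in place (same filesystem, so atomic), and then runs restorecon when it is available, as suggested in the thread. The target path and file content used when calling it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
# write_config_atomically <target path> <content>
# Regenerates a config file without ever leaving it in a wrong or partial state.
write_config_atomically() {
    target=$1
    content=$2
    dir=$(dirname "$target")

    # Create the scratch file next to the target, never in /tmp: a new file
    # takes its SELinux type from its parent directory, so this already has the
    # right label, and the later mv is a same-filesystem rename.
    tmp=$(mktemp "$dir/.$(basename "$target").XXXXXX") || return 1

    # Produce the content (in a real package this is where sed or a key
    # generator writes its output) and fix permissions before it goes live.
    printf '%s\n' "$content" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 0640 "$tmp" || { rm -f "$tmp"; return 1; }

    # Atomic replace: rename(2) within one directory, label travels with the inode.
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }

    # On an SELinux host, re-apply the context from file_contexts as well,
    # which also covers the case where the file existed before with a stale label.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon "$target" || return 1
    fi
    return 0
}
```

Because the scratch file is created under the same directory, a crash half way leaves only a dot-prefixed temporary file beside the target, never a truncated config.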