/sbin/restorecon and hard links

Stephen Smalley sds at tycho.nsa.gov
Wed Feb 15 15:09:48 UTC 2006


On Wed, 2006-02-15 at 09:50 -0500, Chuck Anderson wrote:
> Restores from backup.  Until our backup utility supports extended 
> attributes, we will have to use restorecon so at least the default 
> labels are set up properly.

In the file restoration case, you are re-creating files under /home, so
they won't be hard links to system files, and presumably the user isn't
allowed to log in while you are restoring his home directory, so he can't
create any links during that process.

> Also, assuming we do backup extended attributes, will this problem 
> still exist when restoring them from backup?

You won't have to run restorecon in that case, and the restore utility
presumably would just set the attributes as it creates each file, so
likely not. But remember that targeted policy doesn't confine users,
only specific programs/daemons, so if you are using it, you aren't
relying on SELinux to counter malicious users at all, so this is no
different.

-- 
Stephen Smalley
National Security Agency
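
Added example, not part of the original message: a point-in-time check for the case discussed above, listing regular files under a tree (for example a home directory about to be relabeled with restorecon) that have another hard link outside that tree. The function names and the constructed demo tree are illustrative assumptions.

```python
#!/usr/bin/env python3
"""Pre-relabel check: list files under a tree that also have hard links outside it."""
import os
import stat
import sys
import tempfile
from collections import defaultdict


def links_outside_tree(root):
    """Map (dev, inode) -> (link count, paths found under root) for every
    regular file under root that has at least one hard link outside root."""
    paths = defaultdict(list)
    nlink = {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; this is a point-in-time check
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                paths[key].append(path)
                nlink[key] = st.st_nlink
    # Fewer names under root than the inode's link count: another name lives elsewhere.
    return {k: (nlink[k], sorted(v)) for k, v in paths.items() if len(v) < nlink[k]}


def build_demo(base):
    """Constructed sample: a 'system' file, a 'home' tree holding one link to it,
    and one pair of links that stays entirely inside the home tree."""
    home = os.path.join(base, "home", "user")
    os.makedirs(home)
    system_file = os.path.join(base, "system.conf")
    for p in (system_file, os.path.join(home, "notes.txt")):
        with open(p, "w") as f:
            f.write("x")
    os.link(system_file, os.path.join(home, "linked.conf"))  # other name is outside home
    os.link(os.path.join(home, "notes.txt"), os.path.join(home, "notes.bak"))  # stays inside
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else build_demo(tmp)
        found = links_outside_tree(root)
        for (dev, ino), (count, names) in found.items():
            print(f"dev={dev} inode={ino} links={count} in-tree: {', '.join(names)}")
        sys.exit(1 if found else 0)
```

Run with a directory argument to scan a real tree; with no argument it scans the constructed demo tree and exits non-zero because one file there is linked from outside.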



