[refpolicy] Two issues with restorecon
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 29 08:56:57 CDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/28/2011 06:14 PM, David Härdeman wrote:
> On Fri, Feb 04, 2011 at 08:55:04AM -0500, Daniel J Walsh wrote:
>> On 02/04/2011 08:14 AM, David Härdeman wrote:
>>> Two related issues I just discovered with restorecon (sorry, I'm not close
>>> to my private laptop so I can't provide patches):
>>>
>>> 1) When running "restorecon -r /", restorecon (setfiles) wants to write an
>>> audit message that the whole fs is being relabeled (only happens when doing
>>> it on /), but the refpolicy doesn't seem to give setfiles_t access to write
>>> audit messages which I guess it should.
>>>
>>> 2) When running "restorecon -r -n /", restorecon (setfiles) wants to write
>>> the same audit message as above - which would be misleading since it's not
>>> actually changing any labels.
>>>
>> Could you open two bugzillas
>
> I'm sorry, you got me confused...bugzilla entries in the redhat bugzilla
> database? I'm not a redhat user... (and apologies for not replying
> straight away)...
>
Yes I was thinking the Red Hat bugzilla, but now that you mention it, we
do allow the first in Red Hat/Fedora policy and the second is a bug in
policycoreutils/restorecon. (But not sure whether I would say it is a
high priority.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2R5SkACgkQrlYvE4MpobPOxwCgraDPXrKFxeGc+EDftq5kg5Jm
vFgAoLzNaNLJBUAJswIbWdL3itkqlOfL
=fTxr
-----END PGP SIGNATURE-----
More information about the refpolicy
mailing list