Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160897 - Better mechanism is needed for pre-creating folders
Summary: Better mechanism is needed for pre-creating folders
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-18 07:12 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-18 19:04:38 UTC


Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-06-18 07:12:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
We need something that's managed with the package, whose files
we are pre-creating - not with selinux. We need to be doing
creation and relabel at install time, not at login shell time.


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:


Additional info:

Comment 1 Ivan Gyurdiev 2005-11-10 16:27:14 UTC
This bug refers to the /etc/profile.d/selinux.sh script, which is a (necessary)
hack, that should be eradicated in the long term, and replaced with a per
package solution of some kind.

A related item is the need to pre-create /tmp folders that are not "owned" by a
particular user (like .*-unix). The selinux.sh script does not work for those,
because it's a profile script. Those folders can be erased on a tmpfs /tmp, and
need to be re-created before anything starts using them, mis-setting the
context. This seems to imply that we need a boot time script for selinux as well.

Comment 3 Daniel Walsh 2006-09-18 19:04:38 UTC
restorecond can do this.


Note You need to log in before you can comment on or make changes to this bug.