Bug 437211
| Summary: | gdm /tmp files relabel failure | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Warren Togami <wtogami> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Priority: | low |
| Version: | rawhide | Hardware: | All |
| OS: | Linux | Doc Type: | Bug Fix |
| Last Closed: | 2008-05-07 15:25:15 UTC | | |
Description
Warren Togami
2008-03-12 21:56:20 UTC
Traditionally the file contexts have explicitly excluded relabelling anything under /tmp. The reason for this is that if some highly classified data is in a file in /tmp it would not be appropriate to relabel it to a default label (of which incidentally there really isn't one for strict or MLS policies and even for targeted there is no single label that works in all situations). So a "fixfiles relabel" operation will offer to remove all files under /tmp.

A default per-user /tmp would solve this.

Relabeling everything used to delete all the files in /tmp, which would fix the problem and cause gdm to recreate the files on start. But this was removed since it was considered too destructive.

Added + rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* to fixfiles on autorelabel policycoreutils-2.0.47-2