Bug 859881
Summary: | yum upgrade selinux-policy-targeted runs restorecon | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Need Real Name <lsof> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-09-25 20:52:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2012-09-24 09:34:50 UTC
As an attacker you should not have been allowed to write a bad label in the first place. restorecon is only run on differences between previous policy and new policy, which would not effect the homedir. If a confined app is able to write something to your homedir then most likely the better attack route is to modify an app, since we run users as unconfined_t we are not necessarily protecting the user. |