Description of problem: When I run a yum upgrade, restorecon gets called. This seems like a bad idea: what if an attacker can write a file to my home directory and it gets the wrong label? Then I run an upgrade, and the file is given a good label?
As an attacker you should not have been allowed to write a bad label in the first place. restorecon is only run on differences between previous policy and new policy, which would not affect the homedir. If a confined app is able to write something to your homedir then most likely the better attack route is to modify an app; since we run users as unconfined_t, we are not necessarily protecting the user.