On 07/15/2010 07:47 AM, Till Maas wrote:
> On Wed, Jul 14, 2010 at 08:54:13PM +0200, Lennart Poettering wrote:
> 
>> Generally I think it is a good idea to ignore errors like this if they
>> are clearly caught by later commands, simply for robustness
>> reasons. i.e. if the command really fails to label the dir properly,
>> then the daemon won't be able to access the dir and will then terminate
>> with an error.
> 
> Is it ensured that a wrong label will only decrease access to the dir?
> If not, then the label could still allow the daemon and something
> unwanted to access the dir.
> 
> Regards
> Till
> 
Well, the wrong label would be var_run_t, which most confined domains
should not be allowed to read/write.  If they are allowed to do this, it
is a bug.  A confined domain that is allowed to write to /var/run could
create a directory in /var/run with the wrong label, creating a denial
of service.

For example,

hacked_app1 running as app1_t is allowed to create app1_var_run_t under
/var/run.  It could create the /var/run/app2 directory with the label
app1_var_run_t; when app2 (app2_t) starts, it will try to write to
/var/run/app2 and be denied due to the bad label.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
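The two failure modes discussed in this message (a labeling step that silently fails and leaves a directory as var_run_t, and a directory pre-created under /var/run by another confined domain with that domain's type) both show up as a mismatch between the on-disk type and the type the policy's file_contexts expects for the path. The following is an added example, not code from anyone in this thread: it parses constructed file_contexts-style entries and constructed `ls -dZ`-style output and reports every path whose type differs from the expected one, the same comparison `restorecon -n -v` performs. The app1/app2 names are taken from the mail; the contexts, regexes and the simplifying rule that the last matching file_contexts entry wins are assumptions for the example.

```python
import re

# Constructed file_contexts-style entries, modelled on the SELinux
# file_contexts format ("<regex> [file type] <context>"). The app1/app2
# names come from the mail; the contexts are assumptions for this example.
FILE_CONTEXTS = """\
/var/run(/.*)?            system_u:object_r:var_run_t:s0
/var/run/app1(/.*)?       system_u:object_r:app1_var_run_t:s0
/var/run/app2(/.*)?       system_u:object_r:app2_var_run_t:s0
"""

# Constructed `ls -dZ`-style output, reduced to "<context> <path>" per line.
# /var/run/app1 kept the parent's var_run_t because the labeling command
# failed; /var/run/app2 was created by app1_t and so carries app1_var_run_t.
LS_Z_OUTPUT = """\
system_u:object_r:var_run_t:s0 /var/run
system_u:object_r:var_run_t:s0 /var/run/app1
system_u:object_r:app1_var_run_t:s0 /var/run/app2
"""


def parse_file_contexts(text):
    """Return a list of (compiled_regex, expected_type) pairs in file order."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        fields = line.split()
        # An optional file-type field (e.g. "-d") may sit between the regex
        # and the context; the context is always the last field.
        regex, context = fields[0], fields[-1]
        # A context is user:role:type:level; the type is what AVC decisions use.
        specs.append((re.compile(regex + '$'), context.split(':')[2]))
    return specs


def expected_type(path, specs):
    """Expected type for a path, or None if no specification matches.

    Assumption for this example: the installed file_contexts is sorted so that
    more specific entries come later, hence the last matching entry wins.
    """
    match = None
    for regex, etype in specs:
        if regex.match(path):
            match = etype
    return match


def find_mislabeled(ls_output, specs):
    """Return [(path, actual_type, expected_type)] for every entry whose
    on-disk type differs from what the policy expects for that path."""
    problems = []
    for line in ls_output.splitlines():
        if not line.strip():
            continue
        context, path = line.split(None, 1)
        actual = context.split(':')[2]
        expected = expected_type(path, specs)
        if expected is not None and actual != expected:
            problems.append((path, actual, expected))
    return problems


if __name__ == '__main__':
    # Report in the spirit of `restorecon -n -v`: what would be relabeled.
    for path, actual, expected in find_mislabeled(LS_Z_OUTPUT, parse_file_contexts(FILE_CONTEXTS)):
        print(f'{path}: labeled {actual}, policy expects {expected}')
```

A mismatch where the actual type is the parent's generic var_run_t is the "failed to label" case Lennart describes and only denies the daemon access; a mismatch where the actual type belongs to a different confined domain is the case Till asks about, where access is not merely reduced but granted to the wrong domain, which is why a startup script should verify the label rather than assume a later denial will surface the problem.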