mirror of https://github.com/topjohnwu/selinux.git
synced 2024-12-12 22:05:58 +00:00
8edc3f9730
Remove the support for hard linking files in semanage_copy_file, as it is unsafe and can leave the active store corrupted if something goes wrong during the transaction. It also can leave the installed policy files with incorrect file modes or security contexts. To do this safely, we would need to change all functions that write to the sandbox files to first unlink the destination file. This was done in the original patch for the write_file helper but not for other cases. It would need to be done for all functions that open.*O_CREAT or fopen.*w on a file in the sandbox. We also don't want this applied to the installed policy files, as they need to be created with appropriate file modes and security contexts that may differ from the sandbox files. At present, the hard link support will only affect the installed policy files when they are first created; afterward the link() call will always fail with EEXIST since they are not unlinked prior to installation (nor would that be safe as it could leave the system without a policy - rename would make more sense in that situation). If we were to re-introduce hard link support, we ought to use different helpers or flags for installing the policy files than for copying the active store to the temporary sandbox to avoid affecting both. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
---|---|---|
example | ||
include | ||
man | ||
src | ||
tests | ||
ChangeLog | ||
COPYING | ||
Makefile | ||
VERSION |