* [PATCH] mcstrans: preserve runtime directory
@ 2023-01-17 17:20 Christian Göttsche
  2023-02-01 14:34 ` James Carter
  2023-02-01 15:03 ` Petr Lautrbach
  0 siblings, 2 replies; 3+ messages in thread
From: Christian Göttsche @ 2023-01-17 17:20 UTC (permalink / raw)
  To: selinux

Do not remove the runtime directory /run/setrans/, which is the parent
for the security context translation socket .setrans-unix, when the
service is stopped, so the path can not be taken over by a foreign
program, which could lead to a compromise of the context translation of
libselinux.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 mcstrans/src/mcstrans.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mcstrans/src/mcstrans.service b/mcstrans/src/mcstrans.service
index c13cd09a..fdcfb0d4 100644
--- a/mcstrans/src/mcstrans.service
+++ b/mcstrans/src/mcstrans.service
@@ -9,6 +9,7 @@ Conflicts=shutdown.target
 [Service]
 ExecStart=/sbin/mcstransd -f
 RuntimeDirectory=setrans
+RuntimeDirectoryPreserve=true
 
 [Install]
 WantedBy=multi-user.target
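
Review bot: The added RuntimeDirectoryPreserve=true line has no comment in the unit file, so the security reason for it (keeping /run/setrans/ in place so that no other program can claim the path of .setrans-unix while the service is stopped) is recorded only in the commit message. A one-line comment above it, for example `# keep /run/setrans/ across stops so the socket path cannot be taken over`, would keep a later cleanup from dropping the setting. Preserving the directory also preserves its contents, so the old .setrans-unix socket file will now remain after a stop; it is worth confirming that mcstransd copes with an existing socket file when it is started again.
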
-- 
2.39.0

