Bug#906729: Please fix SELinux labels of /vmlinuz symlink after kernel update
Package: linux-base
Version: 4.5
Severity: normal
File: /usr/bin/linux-update-symlinks
User: selinux-devel@lists.alioth.debian.org
Usertags: selinux
Hi,
After updating the kernel it seems that the /vmlinuz(.old) and
/initrd.img(.old) symlinks are deleted and then recreated.
This means that the SELinux label of these symlinks should be reset.
The easiest way of doing that is (as there are no perl bindings) to call
restorecon executable if the executable is installed on the machine as
it handel the case were selinux is disabled on the machine gracefully
ie. restorecon /vmlinuz
Kind regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.17.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Versions of packages linux-base depends on:
ii debconf [debconf-2.0] 1.5.69
linux-base recommends no packages.
linux-base suggests no packages.
-- debconf information:
linux-base/removing-title:
linux-base/removing-running-kernel: true
Reply to: