Bug#906729: Please fix SELinux labels of /vmlinuz symlink after kernel update
It is not needed for anything to work correctly; it is just that
objects should have the context defined by the SELinux policy. The
root_t context should only be used by the root path directory,
anything else is suspicious and should be avoided. Also if one sets up
an alert for incorrect labeled objects (e.g. via repeatedly running
restorecon -v -R -n /) this mislabeling would trigger.
--- /var/lib/dpkg/info/linux-image-5.4.0-3-amd64.postinst
2020-01-19 10:22:58.000000000 +0100
+++ /root/workspace/linux-image-5.4.0-3-amd64.postinst 2020-01-25
19:29:15.264928445 +0100
@@ -15,6 +15,8 @@
change=upgrade
fi
linux-update-symlinks $change $version $image_path
+# set SELinux context (#906729)
+which restorecon >/dev/null 2>&1 && restorecon /vmlinuz /initrd.img
rm -f /lib/modules/$version/.fresh-install
if [ -d /etc/kernel/postinst.d ]; then
Reply to: