Bug#906729: Please fix SELinux labels of /vmlinuz symlink after kernel update

To: 906729@bugs.debian.org
Subject: Bug#906729: Please fix SELinux labels of /vmlinuz symlink after kernel update
From: bauen1 <j2468h@googlemail.com>
Date: Sat, 5 Dec 2020 13:44:35 +0100
Message-id: <[🔎] c9a01818-97bd-ef30-48fe-2b1b94ff1109@gmail.com>
Reply-to: bauen1 <j2468h@googlemail.com>, 906729@bugs.debian.org
In-reply-to: <CAJ2a_DeC0vUiky65EjWXbvDBqSWUV8ibm35=9peOgoejkCZPaA@mail.gmail.com>
References: <CAJ2a_Df4g6j8ZdDn8fXQy1ucamap7E+rbX3Y9zHSHnZ=EtxzQg@mail.gmail.com> <CAJ2a_DeC0vUiky65EjWXbvDBqSWUV8ibm35=9peOgoejkCZPaA@mail.gmail.com> <CAJ2a_DeC0vUiky65EjWXbvDBqSWUV8ibm35=9peOgoejkCZPaA@mail.gmail.com> <153475781975.8041.4969759210085056376.reportbug@valinor.bigon.be>

On Sat, 25 Jan 2020 19:42:53 +0100 =?UTF-8?Q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> wrote:
> It is not needed for anything to work correctly; it is just that
> objects should have the context defined by the SELinux policy. The
> root_t context should only be used by the root path directory,
> anything else is suspicious and should be avoided. Also if one sets up
> an alert for incorrect labeled objects (e.g. via repeatedly running
> restorecon -v -R -n /) this mislabeling would trigger.

Even better would be if the linux-update-symlinks perl script fixed the symlinks label before replacing it in an atomic operation in https://salsa.debian.org/kernel-team/linux-base/-/blob/master/bin/linux-update-symlinks#L49-76

-- 

bauen1
https://dn42.bauen1.xyz/

Reply to:

Prev by Date: linux-signed-amd64_5.9.6+1~bpo10+1_source.changes ACCEPTED into buster-backports, buster-backports
Next by Date: Processed (with 1 error): your mail
Previous by thread: linux-signed-amd64_5.9.6+1~bpo10+1_source.changes ACCEPTED into buster-backports, buster-backports
Next by thread: Processed (with 1 error): your mail
Index(es):
- Date
- Thread