[Pkg-openldap-devel] Bug#634081: /usr/sbin/slap* hard links break SELinux

Daniel Franke dfoxfranke at gmail.com
Sat Jul 16 16:58:47 UTC 2011


Package: slapd
Version: 2.4.23-7.2
Severity: normal

The files /usr/sbin/slap* are all hard links to the same binary. The
standard SELinux policy wants the context of /usr/sbin/slapd to be
system_u:object_r:slapd_exec_t, while the rest should be
system_u:object_r:bin_t. The use of hard links makes this impossible,
since SELinux security labels are assigned to inodes.

Ironically, it appears that the reason these files are being created
as hard links is that the original behavior of using symlinks was
breaking AppArmor. See Debian bug #488409 and Ubuntu bug #203898.
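
The conflict described in this report can be checked on an unpacked package tree before installation. The following is an added example, not part of the original report or of the slapd packaging: the rule list, the function names, and the sample file names `slapadd` and `slapcat` are constructed for illustration, and only the two labels are taken from the report.

```python
import os
import re
import stat
import tempfile
from collections import defaultdict

# Constructed rules; first match wins, a simplification of file_contexts
# matching. The two labels are the ones named in the report.
RULES = [
    (r"/usr/sbin/slapd", "system_u:object_r:slapd_exec_t"),
    (r"/usr/sbin/.*", "system_u:object_r:bin_t"),
]

def expected_context(path, rules=RULES):
    """Return the label the rules want for an installed path, or None."""
    for pattern, context in rules:
        if re.fullmatch(pattern, path):
            return context
    return None

def find_label_conflicts(root, prefix, rules=RULES):
    """Group hard-linked files under root+prefix by inode and return the
    groups whose names the rules want labelled differently."""
    by_inode = defaultdict(list)
    directory = os.path.join(root, prefix.lstrip("/"))
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))  # symlinks are skipped
        if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
            by_inode[(st.st_dev, st.st_ino)].append(f"{prefix}/{name}")
    conflicts = []
    for paths in by_inode.values():
        wanted = {p: expected_context(p, rules) for p in paths}
        if len(set(wanted.values())) > 1:  # one inode holds only one label
            conflicts.append(wanted)
    return conflicts

def build_sample_tree(root, hardlink=True):
    """Constructed layout: two slap* names that point at slapd."""
    sbin = os.path.join(root, "usr/sbin")
    os.makedirs(sbin)
    target = os.path.join(sbin, "slapd")
    with open(target, "wb") as fh:
        fh.write(b"constructed placeholder binary\n")
    for name in ("slapadd", "slapcat"):
        link = os.path.join(sbin, name)
        os.link(target, link) if hardlink else os.symlink("slapd", link)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(find_label_conflicts(root, "/usr/sbin"))
```

With `hardlink=False` the same tree produces no conflict, because each symlink is its own inode and can carry its own label.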




