Bug#849858: splt systemd tmpfile configuration files into respective packages
Laurent Bigonville
bigon at debian.org
Tue Jan 3 09:39:56 GMT 2017
Le 01/01/17 à 16:35, Michael Biebl a écrit :
> I still don't understand why we would need to move the tmpfiles config
> file from systemd to x11-common. Mind you that I don't have any selinux
> knowledge.
> Afaics, in Debian we have selinux-policy-default which should contain
> the selinux policy for the X11 tmp directories.
>
From a SELinux POV, well really depends of the policy used (the policy
can be seen as local admin configuration), but with the one shipped by
default in debian, the directories will end up being labeled as generic
tmp directories if the policy module for X is not loaded (on a server
for example). That would allow anybody to create files in these
directories, but is that a real security issue as they could do the same
in /tmp?
I initially thought it was something debian specific and told myself
that for consistency it might be interesting to move the config to the
x11-common package. But after seeing that it comes from systemd
upstream, I'm wondering if we should bother.
More information about the Pkg-systemd-maintainers
mailing list