[DSE-Dev] Bug#742957: /usr/sbin/update-ca-certificates: Please restore SELinux label after generating ca-certificates.crt file
Laurent Bigonville
bigon at debian.org
Sat Mar 29 11:04:34 UTC 2014
Package: ca-certificates
Version: 20140325
Severity: wishlist
File: /usr/sbin/update-ca-certificates
Tags: patch
Hi,
Could you please consider applying the attached patch. It ensure that
the ca-certificates.crt file will be properly labeled ('cert_t' in the
refpolicy) when updated.
The ca-certificates.crt file is initally created in /tmp and thus is
labeled as '*_tmp_t', when the file is moved this label is preserved.
This could cause issues if a confined application wants to access it.
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.52
ii openssl 1.0.1f-1
ca-certificates recommends no packages.
ca-certificates suggests no packages.
-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cabundle_label.patch
Type: text/x-diff
Size: 572 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140329/7dc76a4d/attachment.patch>
More information about the SELinux-devel
mailing list