mountall does not run restorecon on tmpfs
Bug #456942 reported by Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mountall (Ubuntu) | Fix Released | Medium | Kees Cook | |
Karmic | Fix Released | Medium | Kees Cook | |
Bug Description
Binary package hint: mountall
In the old /lib/init/
...
mount -n -t $FSTYPE $5 $OPTS $DEVNAME $MTPT
if [ "$FSTYPE" = "tmpfs" -a -x /sbin/restorecon ]; then
    /sbin/restorecon $MTPT
fi
the test and execution of restorecon (for SELinux support) is missing from the new mountall. This blocks SELinux from booting sanely.
It's not clear to me how to handle this in mountall's mount() function. As it stands, a mount can only execute one hook at a time, and several already-defined filesystems have a hook and are tmpfs. This needs to be generically executed for all tmpfs mounts.
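One way to apply the old script's check generically to every tmpfs mount, as an added shell example (not mountall's code and not the reporter's). The function names, the `RESTORECON` override and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: relabel every tmpfs mount point listed in a /proc/mounts-style table.
# RESTORECON is a hypothetical override; the default is the path the old script tested.

# Constructed sample in /proc/mounts format (device, mount point, type, options, dump, pass).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
none /var/run tmpfs rw,nosuid,mode=0755 0 0
tmpfs /mnt/scratch\040dir tmpfs rw 0 0
proc /proc proc rw 0 0
EOF
}

# Print the mount point of every tmpfs entry in FILE (default /proc/mounts), one per line.
tmpfs_mountpoints() {
    while read -r _dev mtpt fstype _rest; do
        [ "$fstype" = "tmpfs" ] || continue
        # The kernel writes a space in a mount point as \040; %b decodes that octal escape.
        printf '%b\n' "$mtpt"
    done < "${1:-/proc/mounts}"
}

# Run restorecon on each tmpfs mount point; returns 1 if any invocation fails.
relabel_tmpfs() {
    restorecon=${RESTORECON:-/sbin/restorecon}
    # Same guard as the old script: without an executable restorecon there is nothing to do.
    [ -x "$restorecon" ] || return 0
    tmpfs_mountpoints "$1" | {
        rc=0
        while IFS= read -r mtpt; do
            "$restorecon" "$mtpt" || { echo "restorecon failed: $mtpt" >&2; rc=1; }
        done
        exit "$rc"
    }
}
```

Keying on the filesystem type column rather than the device column catches entries such as `none /var/run tmpfs`, which is why the selection does not depend on any per-filesystem hook.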
Changed in mountall (Ubuntu):
status: New → Fix Committed
assignee: nobody → Kees Cook (kees)
importance: Undecided → Medium
Changed in mountall (Ubuntu Karmic):
milestone: none → ubuntu-9.10
Hi Kees,
What does restorecon do in this case? Do you know the equivalent C code? I guess the right way would be to have a function in mountall() to do SELinuxy things.
Why is this unique to tmpfs? Shouldn't we restorecon anything new we mount?