Wind River Support Network

HomeDefectsOVP-247
Fixed

OVP-247 : [OVP][selinux] libvirt erroneously given extra permission to walk links

Created: Aug 6, 2013    Updated: Mar 11, 2016
Resolved Date: Sep 4, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.7
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Kernel

Description

In fixing WIND00428280 we accidentally gave libvirt permission to walk generic softlinks.  The proper solution is to have the user ensure that the type on the link reflects the same as the file it is linking to.

Workaround

You need to set the selinux attributes of the softlink to reflect that of the file it is pointing to.  Eg. chcon -v -h --reference=wrlinux-image-ovp-guest-x86-64-kvm-guest-20130617210347.rootfs.ext3 rootfs.ext3

Steps to Reproduce

Nothing to be done really.  If you create a softlink with generic type file_t, libvirt will be able to walk it.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube