commit | 31edb319affb5e5c6298a53ca2de62abedb01630 | |
---|---|---|
author | Eric Paris <eparis@redhat.com> | Mon Aug 15 19:58:08 2011 -0400 |
committer | Eric Paris <eparis@redhat.com> | Fri Sep 16 11:53:46 2011 -0400 |
tree | 72328e404d441ca3ec9c38fee1304901404e6418 | |
parent | 4347a5c01d79778ffb9c74b02cd174b0469670c8 | |

policycoreutils: sandbox: rewrite /tmp handling

seunshare now creates a runtime temporary directory owned by root and with the sticky bit set properly. Files from the user-specified directory are copied to the runtime directory and the changes synced back (using rsync) at the end of the seunshare run.

This is hoped to address CVE-2011-1011

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
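
The commit message names two properties of the runtime directory: it is owned by root and has the sticky bit set. The following is an added example, not code from this commit or from policycoreutils, showing one way to verify those properties on a directory before using it. The helper name `open_checked_tmpdir` is hypothetical, and the expected owner is a parameter so the check can be exercised without root.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_DIRECTORY, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from seunshare): open `path` and return a
 * descriptor only if it is a real directory, owned by `owner`, with the
 * sticky bit set. Returns -1 with errno set otherwise. */
int open_checked_tmpdir(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink in the final component; O_DIRECTORY
     * rejects anything that is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object that was
     * checked is the object the caller goes on to use. */
    if (fstat(fd, &st) == 0) {
        if (st.st_uid == owner && (st.st_mode & S_ISVTX))
            return fd;
        errno = EPERM;         /* wrong owner or sticky bit missing */
    }
    int saved = errno;         /* keep the reason across close() */
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s DIR\n", argv[0]);
        return 2;
    }
    int fd = open_checked_tmpdir(argv[1], 0);   /* uid 0: root-owned */
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    printf("%s: root-owned, sticky bit set\n", argv[1]);
    close(fd);
    return 0;
}
```

Returning the open descriptor rather than a yes/no answer lets the caller keep operating on the directory that was checked instead of resolving the path a second time.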